US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

CYBER RISK THREAT INTELLIGENCE CYBERSECURITY OPERATIONS ENDPOINT SECURITY NEWS US Busts Myanmar Ring Targeting US Citizens in Financial Fraud Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites. Nate Nelson,Contributing Writer April 24, 2026 4 Min Read SOURCE: SLEGERS HANS VIA ALAMY STOCK PHOTO The US government has sanctioned a criminal network supporting Southeast Asian scam compounds, including one of Cambodia's richest and most powerful men. Authorities also seized infrastructure supporting these scam operations and criminally charged two individuals associated with one large compound in Myanmar. Often enough, the scammers who call and text you are enslaved persons in Southeast Asia. You ignore these entreaties, but plenty of vulnerable Americans don't, and with well-trodden social engineering tactics the scammer-captives can convert a grandma into an ATM for the Asian criminal gangs that run these rackets. In 2024, the US Secret Service and FBI teamed up in "Operation Level Up," aimed at identifying and stopping cryptocurrency scams in their tracks. Last year, the Trump administration coordinated a Scam Center Strike Force to combat the gangs behind so many of these scams. Government figures suggest that these initiatives have found great success so far. According to the Department of Justice, Operation Level Up has intervened in nearly 9,000 cases of crypto fraud, saving victims an estimated $562 million. Related:AI Phishing Is No. 1 With a Bullet for Cyberattackers "The Scam Center Strike Force has produced some concrete early results," says Martin Zugec, technical solutions director at Bitdefender. "But to put that figure in perspective: the UN estimates this industry at roughly $64 billion annually, larger than Cambodia's entire GDP, and reported American losses rose from 2023 to 2025. The enforcement successes are real, but the scale of the problem is larger." To chip away at the larger scale of the problem, this week the Strike Force revealed a coordinated series of actions against the Asian scam centers themselves. Those actions included two new indictments, sanctions against 29 individuals — including a Cambodian senator — and seizure of a Telegram channel and more than 500 .com Web domains tied to fake investment sites. America Takes On an Asian Scam Ring In November 2025, the Burmese army seized the Shunda scam compound near the country's border with Thailand. FBI agents deployed to Thailand reviewed the evidence leftover, and pieced together the operation's digital and organizational structure. Like all of these scam compounds, Shunda recruited its workforce by falsely promising gainful employment. Their primary means of reaching people was Telegram. From a channel with 6,000 real or fake followers, the scam masters recruited poor and unemployed people, especially if they were attractive women or could speak with American-ish accents. US authorities have since seized this Telegram channel. Related:China-Backed Hackers Are Industrializing Botnets Once those workers were trapped inside of Shunda, some of them were forced to perform social engineering attacks against Americans. They would call US citizens, pretending to be representatives of US banks, and try to trick them into believing that their bank account had been used to purchase firearms. The ruse was enshrined in scripts, like the one below: Source: The US Department of Justice The two men managing this operation — supervising the targeting of Americans and doling out physical punishments to unsatisfactory workers — were Chinese nationals. Both were charged with wire fraud. Ties to Cambodia's Government Scam centers are far too well-resourced, widespread, and organized to be run by run-of-the-mill gangsters, though. Just like in the movies, these conspiracies go all the way to the top. The top is a cartoon villain named Kok An. An, a baron in the business of vices — casinos and tobacco, for example — has long served in Cambodia's senate, thanks to his wealth and proximity to the country's royal family. His outsize role in the Asian scam industry has been well-documented and unpunished for many years. According to the US Treasury Department, An's flagship hotel and casino brand, Crown Resorts, owned by his company, Anco Brothers, splits its time between developing tourist destinations and human trafficking compounds (though not Shunda specifically). The two business verticals actually work in harmony — digital infrastructure can be shared, casino security guards can double as compound slavemasters, and casinos can launder the profits earned through online scamming. Related:'Zealot' Shows What AI's Capable of in Staged Cloud Attack Besides An himself, the Treasury's Office of Foreign Assets Control (OFAC) also sanctioned 28 individuals in his network. What Governments Can Do About Scam Compounds Generally speaking, when US law enforcement confronts purely online-based cybercrime like ransomware-as-a-service (RaaS), the effects are mixed. Authorities can take out domains, splash warnings on cybercriminal gathering places, and eat into the reputations of major threat actors. But the individuals involved in those operations can usually reorient themselves and resume cyberattacking in some other fashion. "Unlike ransomware groups that can rebrand overnight with a new domain and a press release, scam centers are physical operations: compounds with buildings, guards, and a workforce that is often trafficked or coerced which makes successful enforcement actions more disruptive than in pure cybercrime," Bitdefender's Zugec explains. "These operations also depend on cultivated relationships with local officials and power brokers, and rebuilding those corrupt networks in a new jurisdiction takes time and money." With that said, he warns, "Relocation is absolutely within capability of these groups. You squeeze one country and operations migrate to the next: pressure on Myanmar's Kokang region in 2023 pushed activity into Cambodia, and early 2026 signals already point toward Sri Lanka as the next destination." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports The Total Economic Impact™ Of Google SecOps AI-driven SecOps: Transforming Financial Services Security The Agentic SOC: Exploring the Practitioner Mindset as AI Permeates SecOps AI-driven SecOps: Transforming Financial Services Security The Agentic SOC: Exploring the Practitioner Mindset as AI Permeates SecOps Access More Research Webinars Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Tips for Managing Cloud Security in a Hybrid Environment? Zero Trust Architecture for Cloud environments: Implementation Roadmap Security in the AI Age More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Editor's Choice VULNERABILITIES & THREATS EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses byRob Wright APR 14, 2026 8 MIN READ СLOUD SECURITY CSA: CISOs Should Prepare for Post-Mythos Exploit Storm byAlexander Culafi APR 13, 2026 6 MIN READ СLOUD SECURITY Navigating the Unique Security Risks of Asia's Digital Supply Chain byAlexander Culafi APR 15, 2026 3 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection LOADING... Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Implementing CTEM: Beyond Vulnerability Management THURS, MAY 21, 2026 AT 1PM EST Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning MON, MAY 11, 2026 AT 1:00PM ET Tips for Managing Cloud Security in a Hybrid Environment? THURS, MAY 7, 2026 AT 1PM EST Zero Trust Architecture for Cloud environments: Implementation Roadmap TUES, MAY 12, 2026 AT 1PM EST Security in the AI Age TUES, APRIL 28, 2026 AT 1PM EST More Webinars White Papers 7 best practices for secrets lifecycle management Reinventing the SOC with agentic AI Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS