US Busts Myanmar Ring Targeting US Citizens in Financial Fraud TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyber RiskThreat IntelligenceCybersecurity OperationsEndpoint SecurityNewsUS Busts Myanmar Ring Targeting US Citizens in Financial FraudSome 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.Nate Nelson,Contributing WriterApril 24, 20264 Min ReadSource: slegers hans via Alamy Stock PhotoThe US government has sanctioned a criminal network supporting Southeast Asian scam compounds, including one of Cambodia's richest and most powerful men. Authorities also seized infrastructure supporting these scam operations and criminally charged two individuals associated with one large compound in Myanmar.Often enough, the scammers who call and text you are enslaved persons in Southeast Asia. You ignore these entreaties, but plenty of vulnerable Americans don't, and with well-trodden social engineering tactics the scammer-captives can convert a grandma into an ATM for the Asian criminal gangs that run these rackets.In 2024, the US Secret Service and FBI teamed up in "Operation Level Up," aimed at identifying and stopping cryptocurrency scams in their tracks. Last year, the Trump administration coordinated a Scam Center Strike Force to combat the gangs behind so many of these scams. Government figures suggest that these initiatives have found great success so far. According to the Department of Justice, Operation Level Up has intervened in nearly 9,000 cases of crypto fraud, saving victims an estimated $562 million.Related:Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations"The Scam Center Strike Force has produced some concrete early results," says Martin Zugec, technical solutions director at Bitdefender. "But to put that figure in perspective: the UN estimates this industry at roughly $64 billion annually, larger than Cambodia's entire GDP, and reported American losses rose from 2023 to 2025. The enforcement successes are real, but the scale of the problem is larger."To chip away at the larger scale of the problem, this week the Strike Force revealed a coordinated series of actions against the Asian scam centers themselves. Those actions included two new indictments, sanctions against 29 individuals — including a Cambodian senator — and seizure of a Telegram channel and more than 500 .com Web domains tied to fake investment sites.America Takes On an Asian Scam RingIn November 2025, the Burmese army seized the Shunda scam compound near the country's border with Thailand. FBI agents deployed to Thailand reviewed the evidence leftover, and pieced together the operation's digital and organizational structure.Like all of these scam compounds, Shunda recruited its workforce by falsely promising gainful employment. Their primary means of reaching people was Telegram. From a channel with 6,000 real or fake followers, the scam masters recruited poor and unemployed people, especially if they were attractive women or could speak with American-ish accents. US authorities have since seized this Telegram channel.Related:Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskOnce those workers were trapped inside of Shunda, some of them were forced to perform social engineering attacks against Americans. They would call US citizens, pretending to be representatives of US banks, and try to trick them into believing that their bank account had been used to purchase firearms. The ruse was enshrined in scripts, like the one below:Source: The US Department of JusticeThe two men managing this operation — supervising the targeting of Americans and doling out physical punishments to unsatisfactory workers — were Chinese nationals. Both were charged with wire fraud.Ties to Cambodia's GovernmentScam centers are far too well-resourced, widespread, and organized to be run by run-of-the-mill gangsters, though. Just like in the movies, these conspiracies go all the way to the top.The top is a cartoon villain named Kok An. An, a baron in the business of vices — casinos and tobacco, for example — has long served in Cambodia's senate, thanks to his wealth and proximity to the country's royal family. His outsize role in the Asian scam industry has been well-documented and unpunished for many years.According to the US Treasury Department, An's flagship hotel and casino brand, Crown Resorts, owned by his company, Anco Brothers, splits its time between developing tourist destinations and human trafficking compounds (though not Shunda specifically). The two business verticals actually work in harmony — digital infrastructure can be shared, casino security guards can double as compound slavemasters, and casinos can launder the profits earned through online scamming.Related:Physical Cargo Theft Gets a Boost From CybercriminalsBesides An himself, the Treasury's Office of Foreign Assets Control (OFAC) also sanctioned 28 individuals in his network.What Governments Can Do About Scam CompoundsGenerally speaking, when US law enforcement confronts purely online-based cybercrime like ransomware-as-a-service (RaaS), the effects are mixed. Authorities can take out domains, splash warnings on cybercriminal gathering places, and eat into the reputations of major threat actors. But the individuals involved in those operations can usually reorient themselves and resume cyberattacking in some other fashion."Unlike ransomware groups that can rebrand overnight with a new domain and a press release, scam centers are physical operations: compounds with buildings, guards, and a workforce that is often trafficked or coerced which makes successful enforcement actions more disruptive than in pure cybercrime," Bitdefender's Zugec explains. "These operations also depend on cultivated relationships with local officials and power brokers, and rebuilding those corrupt networks in a new jurisdiction takes time and money."With that said, he warns, "Relocation is absolutely within capability of these groups. You squeeze one country and operations migrate to the next: pressure on Myanmar's Kokang region in 2023 pushed activity into Cambodia, and early 2026 signals already point toward Sri Lanka as the next destination."About the AuthorNate NelsonContributing WriterNate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost.See more from Nate NelsonWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

The United States Department of Justice, in conjunction with the FBI and the Secret Service, successfully concluded “Operation Level Up,” a sustained effort targeting cryptocurrency scams, resulting in the intervention of nearly 9,000 cases and the recovery of an estimated $562 million in victim funds. This operation, coordinated during the Trump administration’s Scam Center Strike Force, focused on disrupting Asian scam centers, primarily those employing coercive tactics against American citizens. A significant component of this initiative involved the dismantling of a criminal network led by individuals like Kok An, a Cambodian senator with deep ties to organized crime operating out of locations such as the Shunda compound in Myanmar. Authorities seized more than 500 fraudulent .com domain names and a Telegram channel utilized for recruitment and manipulation. The operation’s success, according to Bitdefender’s Martin Zugec, highlights the scale of the problem – an industry estimated at $64 billion annually – while acknowledging the challenges in combating sophisticated criminal networks that can relocate operations in response to law enforcement pressure, as evidenced by shifts towards countries like Cambodia and Sri Lanka. The indictments and sanctions against 29 individuals, including Chinese nationals managing the Shunda operation and the Cambodian senator An, represent a multifaceted approach to disrupting this illicit network. The investigation revealed methods employed by the scammers, such as impersonating bank representatives to extract funds from vulnerable victims, utilizing pre-scripted communications, and exploiting worker exploitation within the scam compounds. Ultimately, the operation underscores the ongoing struggle to combat transnational criminal activity, particularly in the digital realm, and the complexity of disrupting networks with deep-rooted connections to government officials.