'Industrial-scale scam operations': Global criminal organization operated slave compounds in Asia behind huge malware-as-a-service hydra targeting 35+ government agencies monthly


  • Infoblox & Chong Lua Dao uncover global MaaS platform
  • Spoofed domains harvest KYC data, intercept SMS, drain bank accounts
  • Captive workers trafficked into Cambodian scam compound tied to elites

Malware operators, the people who send the phishing emails and guide victims through the infection chain, don't always do it of their own free will; sometimes they are trafficked into scam centers and forced to work there.

One such global criminal organization was uncovered by security researchers at Infoblox Threat Intel and the Vietnamese non-profit Chong Lua Dao, who recently observed a spike in anomalous DNS traffic across Infoblox customer networks. Tracing that traffic led them to a previously undocumented malware-as-a-service (MaaS) platform.

Further investigation uncovered that the platform registers roughly 35 new domains each month, and is active in at least 21 countries including Indonesia, Thailand, Spain, and Turkey.


Political and military ties

The domains spoof legitimate government and banking websites. Victims who download the fake software are required to go through a Know Your Customer (KYC) process, during which the attackers harvest personal data, biometrics, and more.

Once installed, the malware grants the attackers control over the device, including the ability to intercept SMS messages carrying one-time passcodes and to operate the victim's real banking apps to wire money out.

At the same time, several captive workers contacted Chong Lua Dao requesting rescue from K99 Triumph City, a compound in Sihanoukville, Cambodia, that the UN had previously flagged for large-scale fraud and forced labor.

After being rescued, they shared closed-group chat logs, screenshots, and other data that confirmed a service-based malware distribution and scam operation was running on the associated infrastructure, and that several of the tracked domains were being used in the scam.

The research also uncovered that a small, tight-knit group of politically connected individuals controls who gets access to the K99 compound. This centralized organization has people at the top with political cover, and the most significant name that surfaced is Senator Kok An.

Apparently, he's a well-known figure in Sihanoukville's casino and real estate world, and his name has appeared in multiple reports connecting the city's gambling and organized crime infrastructure to political power.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
