US Law Enforcement Seizes $15 billion from Asian Cybercriminals

Criminals behind Pig butchering usually contact their targets through social media, dating sites, and messaging apps, build trust, and then lure victims into fake investment schemes. However, instead of investing the funds, the scammers steal the money by moving it into accounts they control.

US Department of Justice has indicted 147 individuals for participating in these schemes, including the leader of Prince group Chen Zhi, also known as “Vincent”, and has seized $15 billion in BitCoin from the criminals. Law Enforcement has also identified over 100 shell and holding companies across over 30 countries used in various money laundering schemes.

The criminal operations include human-trafficking. Prince Group carried out these schemes by trafficking hundreds of workers and forcing them to work in compounds in Cambodia and execute the scams. The compounds housed vast dormitories surrounded by high walls and barbed wire, and functioned as violent forced labor camps.

U.S. losses to online investment scams have steadily increased over the last several years, totaling over $16.6 billion, according to US Department of Trade OFAC.

Assessment

While ransomware is centered around a Russian cybercriminal ecosystem, “Pig butchering” is the most common form of cybercrime in the Chinese cybercrime ecosystem. And just as Russian cybercriminals often has little to fear from the Russian government, Asian cybercriminals operating out of Cambodia are seldom disrupted by local law enforcement. The indicted individuals, including their leader Chen Zhi appears to be still at large. Other Chinese cybercriminals have begun to operate out of Africa in recent years, capitalizing on weak rule of law and China’s influence in the region.

Pig butchering is not a threat to enterprises in the same way as ransomware or Business Email Compromise, as they mostly target individuals and their private assets, which is one reason Truesec seldom shares intelligence on this phenomenon, but the sheer scale of the defrauding these criminals are responsible for means that they steal money on a scale that still rivals that of ransomware and BEC criminals.

The main concern from a cybersecurity perspective is that individuals who fall victim of these scams may have their personal economy ruined which can make them vulnerable to other forms of malign influence.

References

[1] https://www.justice.gov/usao-edny/media/1416251/dl