Treasury Department targets Southeast Asia scam hubs with sanctions

8 September 2025 at 19:24

Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia.

“Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in Southeast Asia, according to a U.S. government estimate.” That’s a 66% increase from the prior year, officials said. 

People who staff these scam centers are often victimized as well. Criminal organizations in Southeast Asia recruit workers under false pretenses and use debt bondage, violence, and threats of forced prostitution to coerce them to scam strangers online via messaging apps or text messages, authorities said.

The Treasury Department’s Office of Foreign Assets Control levied sanctions against nine targets operating in Shwe Kokko, Burma, which it described as a “notorious hub for virtual currency investment scams under the protection of the OFAC-designated Karen National Army.” KNA was sanctioned as a transnational criminal organization in May. 

Tin Win, Saw Min Min Oo, Chit Linn Myaing Co., Chit Linn Myaing Toyota Co., Chit Linn Myaing Mining & Industry Co., Shwe Myint Thaung Yinn Industry and Manufacturing Co., She Zhijiang, Yatai International Holdings Group and Myanmar Yatai International Holding Group Co. were all sanctioned for their alleged involvement in these scam centers near Burma’s border with Thailand.

She Zhijiang and Saw Chit Thu, the leader of the KNA who was previously sanctioned in May, are accused of transforming a small village in Shwe Kokko into a city built for gambling, drug trafficking, prostitution and a compound of scam centers. Tin Win and Saw Min Min Oo allegedly control property that hosts the scam centers and personally run organizations that support the operations.

“Southeast Asia’s cyber scam industry not only threatens the well-being and financial security of Americans, but also subjects thousands of people to modern slavery,” John K. Hurley, under secretary of the Treasury for terrorism and financial intelligence, said in a statement.

The Treasury Department also sanctioned four people and six organizations for their alleged involvement in forced labor compounds in Cambodia that operate virtual currency investment scams targeting victims in the United States, Europe, China and elsewhere. 

T C Capital Co., K B Hotel Co., K B X Investment Co., M D S Heng He Investment Co., Heng He Bavet Property Co., HH Bank Cambodia, Dong Lecheng, Xu Aimin, Chen Al Len and Su Liangsheng were all sanctioned for their alleged involvement in scam centers in Cambodia. 

“These sanctions protect Americans from the pervasive threat of online scam operations by disrupting the ability of criminal networks to perpetuate industrial-scale fraud, forced labor, physical and sexual abuse, and theft of Americans’ hard-earned savings,” Rubio said.

The post Treasury Department targets Southeast Asia scam hubs with sanctions appeared first on CyberScoop.

Top FBI official says Chinese reliance on domestic firms for hacking is a weakness

By: Greg Otto
29 August 2025 at 09:53

China’s reliance on domestic technology companies to carry out large-scale hacking operations—as highlighted by the U.S. government and its allies this week—is a weakness that poses risks for Beijing, a top FBI official told CyberScoop.

Cyber agencies from around the world published an alert Wednesday about what officials have described as an indiscriminate cyberespionage campaign from Chinese Communist Party-backed hackers like the group known as Salt Typhoon. The alert also named three Chinese companies that it says have assisted that hacking.

“These enabling companies, they failed,” Jason Bilnoski, deputy assistant director in the FBI’s cyber division, told CyberScoop. “This investigation, and that of our partners, are exposing that the use of these enabling companies by the CCP is a failure.”

The lack of control China has over what those companies do precisely created an opening for investigators, Bilnoski said.

“They have this unregulated system of using these enabling companies, and it does create a risk between CCP-sanctioned actions and the mistakes by these enabling private companies that they are utilizing,” he said.

The alert about the hacking campaign tracks activity from Salt Typhoon and other Chinese government-linked groups dating back to 2021, which it says Chinese entities have also assisted.

“These companies provide cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security,” the alert states. “The data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world.”

One of the named companies, Sichuan Juxinhe Network Technology, is already the subject of U.S. sanctions. That firm has not responded publicly to the U.S. accusations to date, nor apparently have the other two. The Chinese government routinely denies backing hacking activities.

Under a series of laws that China passed dating back to 2014, the government has imposed obligations on companies that do business domestically on the handling of sensitive data, among other rules.

“Historically, the CCP has used shell companies like those listed here in the [advisory] to conduct this nefarious activity, and no doubt they will continue to do so,” Bilnoski said. “But we’re going to continue after them. We have a long memory, so if it’s today, tomorrow, we’re going to continue to identify, uncover and expose their activities.”

Defending networks can’t just be the role of the government, though, he said — thus the alert that went beyond warnings to the telecommunications companies that Salt Typhoon made headlines by hacking.

The timing of the alert was simple, he said: As the FBI and its partners conducted their investigations, responded to the attacks and assisted victims, they released it as soon as it was ready to go.

“It’s important that we understand that it doesn’t matter if you’re Fortune 500, small business — we should not and we cannot assume that our systems are secure,” Bilnoski said. “We need the American people, we need our partners around the world to take action here, not just with Salt Typhoon, but with all the indiscriminate actions that the CCP has been undertaking over the last few years.”

The post Top FBI official says Chinese reliance on domestic firms for hacking is a weakness appeared first on CyberScoop.

Treasury sanctions North Korea IT worker scheme facilitators and front organizations

27 August 2025 at 18:32

The Treasury Department on Wednesday expanded efforts to disrupt the pervasive North Korean technical worker scheme by imposing sanctions on people and organizations serving as facilitators and fronts for the country’s years-long conspiracy effort to defraud businesses and earn money despite international sanctions. 

Vitaly Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology and Korea Sinjin Trading Corp. were all sanctioned by the Treasury Department’s Office of Foreign Assets Control for their alleged roles in the scheme orchestrated by the North Korean government. 

Officials accuse the regime of hatching and maintaining an expansive operation that funnels money to its weapons and missiles programs by placing teams of specialized workers in IT jobs in the United States and elsewhere using fraudulent documents, stolen identities and false personas to hide their North Korean nationality.

“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” John K. Hurley, under secretary of the Treasury for terrorism and financial intelligence, said in a written statement.

As the sanctions-evading scheme has grown, so too has the U.S. government’s response. Officials continue to target people and organizations involved, and Wednesday’s action follows the Justice Department’s seizure of $7.74 million from North Korean nationals who allegedly attempted to launder cryptocurrency obtained by IT workers who gained illegal employment as part of the scheme. 

Andreyev, a 44-year-old Russian national, allegedly facilitates payments to Chinyong Information Technology Cooperation Co., an outfit associated with North Korea’s Ministry of Defense that was targeted in the cryptocurrency seizure and previously sanctioned, according to the Treasury Department. Chinyong employs teams of IT workers in Russia and Laos, according to officials.

“Since at least December 2024, Andreyev has worked with Kim Ung Sun, a Russia-based Democratic People’s Republic of Korea economic and trade consular official, to facilitate multiple financial transfers worth a total of nearly $600,000, by converting cryptocurrency to cash in U.S. dollars,” the Treasury Department said in the sanctions announcement.

Officials said Shenyang Geumpungri is a Chinese front company for Chinyong, which manages a group of North Korean IT workers that have earned more than $1 million in profits for Chinyong and Sinjin, an affiliate of the regime’s General Political Bureau.

The Treasury Department earlier this summer imposed another set of sanctions on people and organizations allegedly involved in the North Korea IT worker scheme. In late July, the State Department announced a reward up to $15 million for information leading to the arrest of seven North Korean nationals accused of multiple crimes, including cryptocurrency theft, fraudulent remote IT work and tobacco smuggling.

The post Treasury sanctions North Korea IT worker scheme facilitators and front organizations appeared first on CyberScoop.

US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms

14 August 2025 at 16:46

U.S. officials imposed sanctions Thursday on Russian cryptocurrency exchange Garantex, its successor Grinex, and related affiliates, while also targeting its leaders for arrest with financial rewards. These measures are part of intensified efforts to halt the flow of ransomware proceeds facilitated by the platforms.

The Treasury Department’s Office of Foreign Assets Control re-designated Garantex for sanctions, accusing its operators of processing more than $100 million in illicit transactions since 2019. The State Department announced financial rewards totaling up to $6 million for information leading to the arrest or conviction of Garantex’s leaders, including up to $5 million for Russian national Aleksandr Mira Serda, the exchange’s co-founder and chief commercial officer.

Authorities expanded their targeting of Garantex, its leaders and associated companies following a sweeping international law enforcement operation in March when officials seized three domains linked to the exchange, confiscated servers, froze more than $26 million in cryptocurrency and indicted its leaders. 

One of those leaders, Aleksej Besciokov, was arrested in March while on vacation in India shortly after the Justice Department unsealed indictments against him and Mira Serda, officials said. OFAC also imposed sanctions on Sergey Mendelev, co-founder of Garantex, and Pavel Karavatsky, co-owner and regional director of Garantex.

“According to the U.S. Secret Service and FBI, Garantex received hundreds of millions in criminal proceeds and was used to facilitate various crimes, including hacking, ransomware, terrorism, and drug trafficking, often with substantial harm to U.S. victims,” Tammy Bruce, spokesperson for the State Department, said in a statement Thursday. “Between April 2019 and March 2025, Garantex processed at least $96 billion in cryptocurrency transactions.” 

Before Garantex moved its operations and funds to Grinex following the globally coordinated law enforcement disruption, the exchange received millions of dollars in cryptocurrency from Russia-linked ransomware affiliates. Officials traced those transactions to Conti, Black Basta, LockBit, Ryuk, NetWalker and Phoenix Cryptolocker. 

Grinex, which was created to avoid the sanctions placed on Garantex, has since facilitated the transfer of billions of dollars in cryptocurrency transactions, the Treasury Department said. The Treasury Department’s OFAC initially sanctioned Garantex in April 2022.

OFAC sanctioned six additional organizations Thursday, including A7, A7 Agent, Old Vector, InDeFi Bank and Exved for their alleged involvement with and material support of Garantex and Grinex.

“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” John K. Hurley, under secretary of the Treasury for terrorism and financial intelligence, said in a statement. “By exposing these malicious actors, Treasury remains committed to and supportive of the digital asset industry’s integrity.”

The post US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms appeared first on CyberScoop.

US offers $15 million reward for info on North Korean nationals involved in global criminal network

By: Greg Otto
25 July 2025 at 11:00

The State Department announced Thursday it will pay up to $15 million for information leading to the arrest of seven North Korean nationals accused of operating criminal schemes that generate revenue for Pyongyang’s weapons programs, marking the latest effort to disrupt financing networks that have funneled money around sanctions.

The coordinated action that also involved the Justice and Treasury departments targets what officials describe as an extensive network involving cryptocurrency theft, fraudulent remote IT work, tobacco smuggling and other illicit activities that primarily target U.S. companies and citizens.

The largest reward, $7 million, is offered for Sim Hyon-sop, who prosecutors say led tobacco smuggling operations designed to generate U.S. dollars for North Korea. Six co-conspirators carry bounties ranging from $500,000 to $3 million each.

The announcement comes as U.S. officials increasingly focus on North Korea’s ability to circumvent international sanctions through criminal enterprises that have grown more sophisticated in recent years. Intelligence assessments indicate revenue from these schemes directly funds North Korea’s nuclear weapons and ballistic missile programs, which have expanded significantly under Kim Jong Un’s leadership.

One of the most lucrative schemes involves dispatching thousands of North Korean IT workers abroad, primarily to Russia and China, where they assume false identities to secure remote positions with U.S. companies. These workers often target high-paying technology jobs, with earnings sent back to North Korea to support government programs. 

In a related case, a U.S. citizen, Christina Marie Chapman, was sentenced to more than eight years in prison Thursday for facilitating a scheme that defrauded more than 300 U.S. companies, by helping North Korean IT workers obtain remote positions under false pretenses.

The Treasury Department simultaneously sanctioned Korea Sobaeksu Trading Company, which officials say has deployed IT workers to Vietnam, along with three additional North Korean nationals involved in similar schemes.

Research has indicated these operations generate hundreds of millions of dollars annually, providing North Korea with hard currency needed to purchase materials and technology for weapons development.

The use of criminal revenue to fund state weapons programs represents what analysts describe as a hybrid model where traditional organized crime intersects with state-sponsored activities to achieve strategic objectives.

The post US offers $15 million reward for info on North Korean nationals involved in global criminal network appeared first on CyberScoop.

UK sanctions Russian hackers, spies as US weighs its own punishments for Russia

18 July 2025 at 10:20

As the U.S. government contemplates additional sanctions on Moscow, the United Kingdom went ahead and levied its own Friday against what it said was a group of Russia’s hackers and spies. 

The sanctions target 18 military intelligence officers and three divisions of the Russian military unit known as the GRU. Cyber operations in support of Russia’s war against Ukraine drew the U.K. targeting of the hackers.

“The GRU routinely uses cyber and information operations to sow chaos, division and disorder in Ukraine and across the world with devastating real-world consequences,” reads a news release.

But the sanctions also go after the use of malware tied to an attempted assassination of a former Russian double agent residing on U.K. soil and the related poisoning of his daughter.

“Today’s action also hits GRU military intelligence officers responsible for historically targeting Yulia Skripal’s device with malicious malware known as X-Agent — five years before GRU military intelligence officers’ failed attempt to murder Yulia and Sergei Skripal with the deadly Novichok nerve agent in Salisbury,” the release states.

According to a 2018 U.S. grand jury indictment, X-Agent is custom malware that Russia developed to hack the Democratic National Committee and Democratic Congressional Campaign Committee to interfere in the 2016 election.

The U.K. sanctioned some of the military officers for spying operations like those involved in the 2022 bombing of Mariupol Theatre, which had been sheltering Ukrainian civilians.

In the U.S. Congress, lawmakers have been demonstrating some rare bipartisan consensus on the notion of slapping Moscow with more sanctions. That legislation would likewise seek to punish Russian cyber operations in Ukraine, among other Russian aggression in the former Soviet satellite nation.

President Donald Trump, too, has grown impatient with Russian President Vladimir Putin over the Ukraine war and has threatened further sanctions against Moscow and its trade partners.

The United Kingdom warned in a separate alert Friday that GRU cyber operations could spill over from the Ukraine war.

“The future trajectory of this threat remains uncertain and international partners need to prepare for its redirection and a range of potential scenarios,” the alert states.

The three units drawing U.K. sanctions have been connected to a range of hacking activity, from meddling in elections across the globe to the massive 2017 NotPetya attack.

“GRU spies are running a campaign to destabilise Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens,” said U.K. Foreign Secretary David Lammy. “The Kremlin should be in no doubt: we see what they are trying to do in the shadows and we won’t tolerate it. …  Putin’s hybrid threats and aggression will never break our resolve.”

Also Friday, the European Union agreed to sanctions targeting Russia’s energy and banking sectors, the bloc’s 18th set of sanctions against Moscow.

You can read the full list of those sanctioned on the U.K. government’s website.

This article has been updated to reflect news about the additional EU sanctions.

The post UK sanctions Russian hackers, spies as US weighs its own punishments for Russia appeared first on CyberScoop.
