'Industrial-scale scam operations': Global criminal organization operated slave compounds in Asia behind huge malware-as-a-service hydra targeting 35+ government agencies monthly

Date:
Mon, 13 Apr 2026 17:25:00 +0000

Description:
Shocking report claims forced labor used to distribute malware in Cambodian compounds.

FULL STORY
Malware operators - people sending phishing emails and guiding people through the infection chain - dont always do it on their own free will - sometimes they are trafficked into scam centers and forced to work there.

One such global criminal organization was uncovered by security researchers Infoblox Threat Intel , and Vietnamese non-profit Chong Lua Dao, who recently observed a spike in anomalous DNS traffic across Infoblox customer networks, which led them to a previously undocumented malware-as-a-service (MaaS) Platform. Further investigation uncovered that the platform registers roughly 35 new domains each month, and is active in at least 21 countries including Indonesia, Thailand, Spain, and Turkey.

Political and military ties -- The domains
spoof legitimate government and banking websites. Victims that download the fake software are required to go through the Know Your Customer (KYC)
process, during which the attackers harvest personal data, biometrics, and more.

Once installed, the malware grants the attackers control over the device, including intercepting SMS messages for one-time passcodes, and using actual banking apps to wire money out.

At the same time, several captive workers contacted Chong Lua Dao, requesting rescue from K99 Triumph City - a compound in Sihanoukville, Cambodia that was previously flagged by the UN for large-scale fraud and forced labor.

After being rescued, they shared closed-group chat logs, screenshots, and other data that confirmed a service-based malware distribution and scam operation was running on associated infrastructure, and that several tracked domains were being used in the scam.

The research also uncovered that there is a small, tight-knit group of politically connected individuals that control who gets access to the K99 compound. This centralized organization has people at the top with political cover and the most significant name that surfaced is Senator Kok An.

Apparently, he's a well-known figure in Sihanoukville's casino and real
estate world, and his name has appeared in multiple reports connecting the city's gambling and organized crime infrastructure to political power.

Link to news story: https://www.techradar.com/pro/security/industrial-scale-scam-operations-global -criminal-organization-operated-slave-compounds-in-asia-behind-huge-malware-as -a-service-hydra-targeting-35-government-agencies-monthly

$$
--- MultiMail/DOS
* Origin: Capitol City Hub (1:2320/105)