Researchers Uncover Service Providers Fueling Industrial-scale Pig... (2026)

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy.

At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam centers across Southeast Asia, creating special economic zones that are devoted to fraudulent investment and impersonation operations.

These compounds are host to thousands of people who are lured with the promise of high-paying jobs, only to have their passports taken and be forced to conduct scams under the threat of violence. INTERPOL has characterized these networks as human trafficking-fuelled fraud on an industrial scale.

One of the crucial drivers of pig butchering (aka romance baiting) scams is the set of service providers that supply the networks with all the tools to run and manage social engineering operations, as well as to swiftly launder stolen funds and cryptocurrencies and move ill-gotten proceeds to accounts that cannot be reached by law enforcement.

"Large scam compounds such as the Golden Triangle Economic Zone (GTSEZ) are now using ready-made applications and templates from PBaaS providers," Infoblox said in a report published last week.

"Compounding the situation further, what once required technical expertise, or an outlay for physical infrastructure, can now be purchased as an off-the-shelf service offering everything from stolen identities and front companies to turnkey scam platforms and mobile apps, dramatically lowering the barrier to entry."

These services have been found to offer full packages and fraud kits that set the groundwork for launching scalable online scam operations without much effort. One such threat actor is Penguin Account Store, which also goes by the names Heavenly Alliance and Overseas Alliance.

Penguin operates under a crimeware-as-a-service (CaaS) model, advertising fraud kits, scam templates, and "shè gōng kù" datasets comprising stolen personal information belonging to Chinese citizens. The group also peddles account data from various popular social media platforms like Twitter, Tinder, YouTube, Snapchat, Facebook, Instagram, Apple Music, OpenAI ChatGPT, Spotify, and Netflix, among others.

It's believed that these credentials are likely obtained through information-stealing logs sold on the dark web. But it's presently not known if they operate the stealers themselves or whether they are merely acting as a broker of stolen

Source: The Hacker News