Penguin Account-Heavenly Alliance-Overseas Alliance ecosystem shift changes threat-actor operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
A PBaaS service-provider ecosystem is packaging pig butchering operations as turnkey fraud, boosting scale and lowering entry costs across Southeast Asia. Providers sell stolen identities, pre-registered accounts, mobile apps, and CRM/SCRM tooling so crews can run and manage social-engineering operations with less technical skill. They also bundle payment processing and laundering support to move proceeds beyond law-enforcement reach. Named sellers such as Penguin Account Store and UWORK show the market is becoming a modular criminal supply chain rather than a single crew-led scam.
Related Happenings
Underground DDoS sellers commoditize attack services with panels, API access, and reseller plans
Threat Actor Meta
H score20
First: 29.05.2026 17:32
Last: 29.05.2026 17:32
Sources 1
About this happening:
Underground DDoS sellers are shifting from scattered tools to **packaged, resellable services**, lowering the barrier for disruptive attacks and widening the buyer pool. Listings...
Underground DDoS sellers commoditize attack services with panels, API access, and reseller plans
Threat Actor MetaAbout this happening: Underground DDoS sellers are shifting from scattered tools to **packaged, resellable services**, lowering the barrier for disruptive attacks and widening the buyer pool. Listings...
TeamPCP supply-chain ecosystem shift and extortion partnerships
Threat Actor Meta
H score15
First: 22.05.2026 14:55
Last: 22.05.2026 14:55
Sources 1
About this happening:
**TeamPCP** has expanded its supply-chain abuse model across open-source ecosystems, raising the risk of downstream compromise and extortion at scale. The group has **corrupted hu...
TeamPCP supply-chain ecosystem shift and extortion partnerships
Threat Actor MetaAbout this happening: **TeamPCP** has expanded its supply-chain abuse model across open-source ecosystems, raising the risk of downstream compromise and extortion at scale. The group has **corrupted hu...
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal Action
H score40
First: 04.05.2026 08:59
Last: 04.05.2026 08:59
Sources 1
About this happening:
The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal ActionAbout this happening: The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor Meta
H score43
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
**Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor MetaAbout this happening: **Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
H score33
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
CampaignAbout this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Timeline
-
12.01.2026 09:34 2 articles · 5mo ago
PBaaS providers industrialize pig butchering fraud
Initial DisclosureCybersecurity researchers describe a service-provider ecosystem that packages pig butchering operations as turnkey crimeware, supplying scam kits, stolen identities, pre-registered SIM cards, stolen social media accounts, mobile apps, SCRM AI, and BCD Pay so operators can run social-engineering campaigns, manage victims, and move proceeds beyond law-enforcement reach. Named sellers such as Penguin Account Store, also called Heavenly Alliance and Overseas Alliance, and UWORK show how the market lowers technical barriers and turns fraud into an off-the-shelf service across Southeast Asia.
Show sources
- Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud — thehackernews.com — 12.01.2026 09:34
- Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud — thehackernews.com — 12.01.2026 09:34