All over the world, threat actors are being charged for running scams as cybercriminal rings were busted in China, Singapore, and the US.
The Bai family syndicate came to power in the 2000s and developed the northern township of Laukkaing, Myanmar “into a lucrative hub of casinos and red-light districts.” Later, they created and invested in scams that forced trafficked, abused Chinese workers to defraud others. These scams circulated over 29 billion Chinese yuan ($4.1 billion USD), funding the militia the Bais controlled and the 41 compounds where the casinos and cyberscam operations were located. One member, Bai Yingguo, also presided over the production and sale of nearly 11 tons of methamphetamine. All these operation resulted in the deaths of six Chinese citizens, the suicide of one and multiple injuries.
On November 4, 2025, China sentenced five people to death for running this criminal scam organization. Xinhua reported that core members of the crime family - boss Bai Suocheng and his son Bai Yingcang were among those receiving the penalty, along with Yang Liqiang, Hu Xiaojiang and Chen Guangyi. These were not the only members of syndicate that were apprehended; five others, including Guo Jianzheng and Pan Xian were sentenced to life in prison, and nine others, including Li Longhua and Luo Wending, were then received varying sentence lengths of three to 20 years for their acts. At the end of it, all 21 Bai family members and associates in the crime ring were charged for homicide, fraud, and injury with other offenses.
The Bai family scam syndicate is not the only one in the headlines as international authorities look to cut down on cybercrimes. In October, Singapore police identified the members of a Singapore gang that managed a massive scam ring in Phnom Penh, Cambodia. Cambodia has also recently been exposed for several cybercrime organizations. The people behind these scams may not be from Cambodia - possibly being trafficked - and are not always acting voluntarily, although those who seemingly acted on their own will are being charged for running the scams. Just this week, 54 South Koreans working in Cambodia were busted for an investment scam that collected 19.4 billion won in total ($13.4 million USD) from 229 victims.
The Singaporean group was led by two brothers and their cousin (Ng Wei Lang, Ng Wei Kang, and Lester Ng Jing Hai), and included 24 other Singaporeans (even a former rugby star) who collectively perpetrated 438 scam cases that resulted in at least $41 million in losses. The gang conducted scams where they impersonated the government and many of the threat actors have ties to other crimes, like Leon Chia Tee Song, who committed armed robbery in 2016 and Brian Sie Eng Fa, who planned a fake charity drive. People with information on any of the fugitives' locations are directed to contact the Singapore Police Force. In the meantime, Singapore is looking for ways to discourage cybercrime.
Singapore’s Parliament has now added caning (being beaten with a rattan cane of about 1.2 m at a speed of 160 km/h or 99.4 mph) as a punishment for scammers. Their senior minister of state for foreign affairs and home affairs explained the amendment to their criminal law: “Offenders who commit scams, defined as cheating mainly by means of remote communication, will be punished with at least six strokes of the cane”. The maximum number of strokes will be 24, and women, girls, and men older than 50 being exempt from the practice.
Caning is a fairly common penalty in Singapore and is mandatory for 65 offenses, so perhaps it isn’t surprising that the punishment is being extended to the quickly growing crime. In 2024 alone, there were 51,501 cases reported, totaling $1.1 billion ($843 million USD) in losses. While it will be a while before we can see how effective the caning amendment is for deterring crime, 2025 is already looking to be a better year than 2024 in terms of scams in Singapore (at the start of November, 28,300 cases have been reported, amounting to $667.3 million ($511.5 million USD) in losses.
Outside of Asia, even more threat actors are being apprehended - even in the US. Overall, 2025 has been a rough year for cybersecurity in the US. The latest version of the annual Cyberspace Solarium Commission report described the Trump-directed changes, like the sweeping budget cuts that have gutted the Cybersecurity and Infrastructure Security Agency (CISA), as proof “that technology is evolving faster than federal efforts to secure it” and that “there has been a substantial reversal of the advances made in previous years.” Progress has also likely been slowed by CISA not having a permanent director, even after Sean Plankey was nominated in March 2025. Still, the US made some breakthroughs on a series of ransomware attacks this week.
Two employees at cybersecurity firms (Kevin Martin, a ransomware threat negotiator at Digital Mint, and Ryan Goldberg at Sygnia Cybersecurity Services) have been indicted for launching ALPHV BlackCat ransomware on five different companies across three industries (healthcare, engineering, manufacturing). Martin, Goldberg, and a co-conspirator demanded $16,300,000 in ransom payments, and received $1,274,000 in cryptocurrency from a medical device company based in Florida. In both cases, the cybersecurity firms fired the employees for going rogue.
While the investigation is still ongoing, the FBI’s work on this case is a good sign that the US is joining other countries, like Singapore and China, in making the internet safer by going after cybercriminals, one case at a time.