Raymond Hantho

The Intricate Web of Pig Butchering Scams and its potential link to the DPRK



As we delve deeper into the digital age, the fight against cybercrime, particularly pig butchering scams, remains a moving target. By understanding the mechanisms and networks that enable these scams, we can begin to protect ourselves and others from the devastating impact of these financial predators. The battle against pig butchering scams is not just about financial loss; it's about reclaiming the security and trust that are the foundations of our digital world.


Cybercrime has evolved into an intricate web of deceit, with "pig butchering" scams emerging as one of the most cunning and devastating forms of financial fraud. Unlike the agricultural practice its name might suggest, pig butchering in the cyber world refers to a sinister scheme where scammers "fatten" their victims with affection and trust before "slaughtering" them financially. These scams are meticulously crafted to deceive individuals into investing in fake platforms, leading to significant financial losses.


The victims are often lured into subscribing to specific currency pairs, such as aBTC or eBTC, with the prefix indicating the scammers' control over the trend. This manipulation is facilitated by third-party applications, allowing scammers to create an illusion of major profitability. Expanding on the connection between a shell company registered in the UK, Scott Market, and Yunma Tianlong International Consulting Co. Limited, and their role in facilitating pig butchering scams, offers a deeper insight into the intricate network that underpins these fraudulent operations. The relationship between these entities is a prime example of how shell companies are utilized within the scam ecosystem to create an illusion of legitimacy.


A key component of these scams is the reliance on shell companies to legitimize their fraudulent activities. Shell companies, often with no real business operations, serve as fronts through which scammers access services like Meta Trader 5 or 6 by MetaQuotes. While convincing victims to invest in their counterfeit investment platforms, scammers manipulate, for instance, the trend of bitcoin through third-party applications, making the investment appear to the victim more profitable than it is.


Source: IP address of dedicated server used to host pig butchering scam websites.


Expanding on the Connection Between Shell Companies and Scams

Delving deeper into the connection between shell companies such as Scott Market, registered in the UK, and Yunma Tianlong International Consulting Co. Limited, we uncover the layers of deceit that characterize pig butchering scams. These entities exemplify the misuse of corporate structures to foster a facade of legitimacy.


Source: screenshot of the fake investment platform - user.localcryptofx(.)net


Further investigation reveals deeper connections linking these operations to broader networks. Uworkcrm, a service provider of MT5, shares an IP address with the localcryptosfx domain, indicating a shared infrastructure. This web extends to dedicated servers associated with casinos in Macau, China, suggesting a complex network of businesses involved in these scams. Scott Markets, a company linked to Gao Tingxing, who is registered as a secretary of Yunma Tianlong, highlights the interconnectedness of these entities. This network not only facilitates the scam but also provides a veneer of legitimacy to these fraudulent operations.

Yunma Tianlong International Consulting Co. Limited has emerged as one of the most prominent shell companies embroiled in pig butchering scams. This entity stands at the heart of a vast network of shell companies, with hundreds, if not thousands, linked to it in the United Kingdom alone. But how do we pinpoint Yunma Tianlong as the epicenter of these fraudulent operations? The answer lies in the digital breadcrumbs left by DNS records from scam websites. An exemplary case is the now-defunct website localcryptosfx(.)net, whose DNS record pointed directly to Yunma Tianlong or its secretaries. This digital trail unveils the infrastructure supporting these scams, with companies like uworkcrm, registered in Malaysia, playing a crucial role by providing Meta Trader licenses and customer relationship management (CRM) systems. These CRMs are used by scammers to manage their ill-gotten gains and manipulate market trends within the app presented to their victims.

Yunma Tianlong International: A Nexus Point

Scott Markets Pty Ltd emerges as an entity within this deceptive network. Its registration details reveal a connection: the same individual listed as a director of Yunma Tianlong. The linkage between Scott Markets Pty Ltd and Yunma Tianlong is made explicit through directorship. This connection underscores the strategic employment of shell companies to navigate the legal and financial landscapes, enabling the scams' proliferation. Through the strategic use of shell companies, access to legitimate trading platforms, and the manipulation of market data, these entities weave a convincing narrative of investment opportunity, all while concealing the fraudulent nature of their operations.


Source: Maltego


Unveiling the Infrastructure

The trail left by DNS records from scam websites such as the now-defunct localcryptosfx[.]net points directly to Yunma Tianlong or its secretaries. This revelation, underscored by the shared IP address between uworkcrm, a provider of MT5 services, and the localcryptosfx domain, unveils a shared infrastructure indicative of a broader, more complex network of deceit.


Understanding DNS and NSlookup

DNS, or Domain Name System, serves as the internet's directory, translating domain names into IP addresses. NSlookup, a command-line tool, queries DNS servers to retrieve domain name or IP address mappings. This tool is instrumental in tracing the digital pathways behind scams like the one involving the scam website localcryptosfx (crmlocalfx.uworkcrm[.]com).


The DNS records from websites such as the now-offline localcryptosfx[.]net point to Yunma Tianlong or its secretaries, highlighting a shared infrastructure that spans across entities and geographies.


Source: centralops(.)net
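The shared-IP pivot described in this section can be reproduced over a list of resolved hostnames. The following is an added example, not the author's tooling: it re-fangs indicators written in the two defanged styles used on this page, groups them by IP address, and reports addresses shared by a small number of distinct domains. All hostnames and addresses are constructed (reserved `.example` names, RFC 5737 documentation ranges), and the `max_domains` cutoff for ignoring bulk shared hosting is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: hostname/IP pairs as they might be copied out of a
# report, defanged in the two styles used on this page. Names use the
# reserved .example TLD; addresses come from RFC 5737 documentation ranges.
SAMPLE_RECORDS = [
    ("user.fake-broker(.)example", "192.0.2.10"),
    ("crm.platform-vendor[.]example", "192.0.2.10"),
    ("www.fake-broker[.]example", "192.0.2.10"),
    ("blog.unrelated(.)example", "198.51.100.7"),
    ("shop-a[.]example", "203.0.113.5"),
    ("shop-b[.]example", "203.0.113.5"),
    ("shop-c[.]example", "203.0.113.5"),
    ("shop-d[.]example", "203.0.113.5"),
]

def refang(indicator):
    """Turn 'host[.]tld' or 'host(.)tld' back into 'host.tld', lower-cased."""
    return re.sub(r"[\[(]\.[\])]", ".", indicator.strip()).lower().rstrip(".")

def base_domain(hostname):
    """Last two labels of the name. Simplification: a real tool would use the
    Public Suffix List so that names under e.g. co.uk are split correctly."""
    return ".".join(hostname.split(".")[-2:])

def shared_infrastructure(records, max_domains=3):
    """Map each IP to the distinct base domains resolving to it, keeping only
    IPs shared by 2..max_domains domains. IPs above the cap are treated as
    bulk shared hosting, where co-location says little about ownership."""
    by_ip = defaultdict(set)
    for host, ip in records:
        by_ip[ip].add(base_domain(refang(host)))
    return {ip: sorted(doms) for ip, doms in by_ip.items()
            if 2 <= len(doms) <= max_domains}

if __name__ == "__main__":
    for ip, domains in shared_infrastructure(SAMPLE_RECORDS).items():
        print(ip, "->", ", ".join(domains))
```

A shared address is a lead to corroborate with registration and hosting records, since unrelated sites can sit behind the same shared host or CDN.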


The Connection Between Scott Markets and Yunma Tianlong

One characteristic of pig butchering scams is the use of shell companies, which stands out as a fundamental strategy. These entities, devoid of genuine business activities, are not merely placeholders in the vast expanse of cyber fraud but are pivotal in constructing a facade of legitimacy. An example of this is the direct connection between Scott Markets Pty Ltd and Yunma Tianlong International Consulting Co. Limited, both of which play instrumental roles in the orchestration of these scams. The people named in these registrations might be compensated to lend their names to the shell companies. This intricate web of companies, individuals, and technologies paints a disturbing picture of the lengths to which scammers will go to establish these networks.


Source: HK Company Registry


The Global Challenge and possible DPRK Connection

The involvement of entities and individuals across different countries, including possible ties to the DPRK, amplifies the complexity of addressing pig butchering scams. The United Nations security report, specifically on page 29, details potential violations of sanctions, hinting at broader implications for laundering the proceeds of these scams, as the same shell company seems to be used both for smuggling goods to North Korea and for obtaining a MetaQuotes license from Uworkcrm for the purposes of financial fraud.


If pig butchering scams (PBS) are connected to the DPRK, it would indeed amplify the urgency of a coordinated global response. However, Chainbrium believes more solid evidence is required to draw any definitive conclusions. Yunma Tianlong might just be a company that knowingly or unknowingly helps scammers register their shell companies abroad.


Source: Page 29 from the United Nations Security Report, 8 September 2021: https://www.securitycouncilreport.org/atf/cf/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D/S_2021_777_E.pdf



The Path Forward

Awareness and education are critical first steps in protecting potential victims. However, unraveling this complex network requires a coordinated global response, leveraging both technological tools and international cooperation to dismantle the infrastructure supporting these scams. In shedding light on the shadowy world of pig butchering scams and their ties to shell companies and international networks, it becomes evident that this issue requires a coordinated global response. However, dismantling the complex infrastructure that supports these operations is a formidable challenge that requires cooperation across borders and sectors.


The fight against pig butchering scams is not just about financial loss; it's about restoring security and trust in our digital world.

