ED Files Prosecution Complaint on ₹159 Crore Global Cyber ​​Crime Syndicate (PC), Disbands International Cyber ​​Crime Gang

The Enforcement Directorate (ED) has unearthed a sprawling cyber crime syndicate with international links that used social media to defraud Indian citizens of Rs 159 billion.

On October 10, the financial investigation agency filed a prosecution complaint with the Special Court (PMLA) in Bengaluru against eight persons and 24 shell companies arrested in connection with the operation. The court took into account the prosecutor’s complaint on October 29, 2024.

The investigation revealed that key members of the organisation, headquartered in Hong Kong and Thailand, played a significant role in orchestrating and facilitating cyber fraud activities, coordinating the establishment of shell companies in India and helping launder proceeds through complex cross-border transactions. The ED finding revealed that funds generated from the activities of these cybercriminals were layered through multiple accounts and later converted into cryptocurrency, exploiting its anonymity to conceal their origins and facilitate transfers abroad.

Flowchart of modus operandi used by cybercriminals | FPJ

This cyber syndicate network used social media platforms such as Facebook, Instagram, WhatsApp and Telegram to trap victims with the promise of high returns from fake stock market investments and Initial Public Offerings (IPOs). Moreover, some victims were manipulated by the Customs and CBI under the guise of fake arrest, resulting in them transferring huge amounts of funds to various shell companies under a fake “fund arrangement process”.

According to the ED’s prosecutorial complaint (PC), the investigation uncovered a sophisticated cyber fraud operation that relied on fake advertising and fabricated success stories to convince victims that they were investing in legitimate financial opportunities. Known as the “pork butchering” scam, the scam encouraged victims to invest in non-existent stock market schemes, lured by promises of significant returns.

Scammers have begun to use increasingly sophisticated tactics to deceive individuals through social media. When the victim showed interest, they were added to WhatsApp or Telegram groups filled with fake members sharing fabricated success stories to create the illusion of legitimacy. Allegedly, they used names imitating well-established financial institutions such as ICICI Securities, GFSL Securities, SMG Global Securities, Blackrock Capital, JP Morgan to further increase their credibility.

According to ED’s prosecution complaint (PC), as trust grew, victims were instructed to download fake investment apps, which were often shared via direct messages. These apps mimicked legitimate platforms by showcasing well-known stocks and fake IPOs. Initial interactions can lead to fake returns being displayed on the app, encouraging victims to invest large sums of money. But when victims tried to withdraw their funds, they were met with demands for fictitious taxes or brokerage fees as part of a ploy to obtain more money. Eventually, the scammers cut off all communication, leaving the victims in a difficult situation and unable to get their investment back.

Fake IPO position | FPJ

Investment Portfolio Used in Cyber ​​Fraud Scheme | FPJ

Withdrawing Money from Fake Bank Card | Image accessed by FPJ

According to the ED’s PC, in addition to investment scams, the network also used the tactic of “digital arrest”, where fraudsters impersonate Customs or CBI officials and use intimidation to force victims to pay huge amounts. These fraudsters threatened victims with fabricated arrest scenarios and claimed prosecution would be initiated unless they paid to “organize” their funds. This manipulation forced individuals to give up their savings for fear of legal repercussions.

Telegram Powered SIM Network: Fraudsters Leverage Illegally Sourced SIM Cards for Cyber ​​Crime and Money Laundering Purposes | Image accessed by FPJ

The ED’s investigation uncovered a complex scheme in which fraudsters used hundreds of illegally obtained SIM cards to defraud victims and launder illicit funds. These SIMs, often linked to shell company bank accounts or used to create WhatsApp accounts, allowed fraudsters to maintain their anonymity and evade immediate detection. Fraudsters procured SIM cards from individuals in India through Telegram groups and activated them before sending them abroad to support cyber fraud operations.

The ED’s prosecution complaint revealed that fraudsters had set up 24 shell companies across India, especially in Tamil Nadu and Karnataka, to manage and layer the proceeds from these scams. Registered primarily in coworking spaces with no real commercial activity, these companies served as fronts for the laundering of illicit funds. Fake bank statements and fabricated documents were submitted to company files, creating an elaborate façade of legitimacy. Some of the directors involved were unaware of their roles and were effectively serving as puppets for the cyber syndicate. Proceeds from crime were routed through mule accounts and converted into cryptocurrency for transfer abroad, making them difficult to trace.

PC reveals that the investigation uncovered links with individuals outside India who coordinated with Indian agents to set up shell companies, appoint fake directors and open bank accounts with fake documents shared via WhatsApp. Among those arrested, Charan Raj C, who is currently in judicial custody, was the primary recruiter for securing directorates and bank accounts essential for the union’s operations. While Shashi Kumar M was instrumental in setting up shell companies to divert illicit funds, Sachin M ran multiple shell entities and hired fake executives using fake credentials.

To stratify the proceeds of crime, funds were transferred from victims’ accounts through various intermediary accounts, including rented mule accounts. This involved numerous transactions between accounts to conceal the original source of the funds. Small transaction amounts (under Rs 5 lakh) were used to avoid triggering alerts for suspicious activity. Many of the illicit funds were converted into cryptocurrency, a deliberate strategy to further conceal the origin of the money and facilitate its transfer outside India.

ED officials carried out 17 searches at various locations under the Prevention of Money Laundering Act (PMLA), 2002; They seized cell phones, checkbooks, company stamps, bank cards and other digital evidence. During searches at Charan Raj C’s residence in Bangalore in September 2024, ED officials seized a large number of documents and items linked to the cyber fraud operation; These included company stamps, bank documents, handwritten notes, identity documents and mobile phones, providing crucial evidence. Incriminating WhatsApp conversations revealed the coordination of banking transactions for money laundering through these shell companies.

Eight accused, including Charan Raj C, Kiran SK, Shashi Kumar M and Sachin M, are currently in judicial custody. In a decisive move, ED has frozen Rs 2.81 crore in accounts belonging to Cyber ​​Forest Technology Private Limited, a major entity of the cyber fraud syndicate.

Further investigations are ongoing as ED continues to examine the complex web of transactions and uncover additional international links to the broader syndicate.