Organised crime groups known for orchestrating large-scale scams in Southeast Asia are now establishing operations in Pacific regions, according to a recent alert from the United Nations Office on Drugs and Crime (UNODC).
This development follows a law enforcement operation in August 2025 in Oecusse-Ambeno, a Special Administrative Region of Timor-Leste, where authorities identified evidence of scam activities with links to Asian triads.
Over the last five years, scam centres in countries such as Cambodia, Myanmar, and Laos have generated an estimated $60 billion in annual losses for victims worldwide. These operations, often run from secured compounds, leverage advanced technologies – including artificial intelligence-driven deepfake tools – to facilitate fraudulent investment schemes and other cybercrimes.
As enforcement efforts increase in Southeast Asia and China, criminal groups are seeking new locations with less stringent oversight, according to a report by ABC.
A UNODC report stated: “What is currently being observed in Timor-Leste shares stark similarities to what was seen in the early stages of the current scam centre crisis in Mekong countries and the Philippines.”
The report also noted that similar activities may be underway in other Pacific jurisdictions with limited regulatory controls.
Oecusse-Ambeno was designated a free trade zone in late 2024, a move intended to attract investment and business activity. However, this status has also drawn the attention of organised crime, which has exploited the region’s regulatory environment.
Authorities have discovered items such as SIM cards and satellite internet devices, which the UNODC identifies as indicators of online scam operations.
Dr. Anton Moiseienko, a financial crime specialist at the Australian National University, explained that free trade zones often have lighter regulatory requirements, making them attractive for illicit actors.
“This makes it easier for overseas criminal groups to establish a foothold in the jurisdiction while concealing their criminal operations,” he said, as reported by ABC.
He added that the influx of commercial activity, combined with limited oversight, can create opportunities for criminal enterprises to blend in with legitimate businesses.
During the August enforcement action, approximately 30 foreign nationals from Indonesia, Malaysia, and China were detained. The UNODC noted that some of those detained had university degrees, suggesting a trend toward more professionalised scam operations.
The UNODC also identified connections between the Oecusse-Ambeno scam operations and Wan Kuok Koi, also known as “Broken Tooth,” a figure associated with the 14K triad.
A company with ties to Wan, focused on offshore online gambling, was found to be active in the region. According to the UNODC, this network is involved in money laundering and has been linked to online gambling and scam infrastructure in other jurisdictions.
The report described how criminal groups use shell companies, professional services, and multiple identities to avoid detection, often embedding illegal operations within legitimate business frameworks.
The UNODC said: “Part of this infrastructure includes an autonomous system hosting suspicious websites and applications that present themselves as legitimate lottery services but in practice facilitate fraud and illicit gambling.”
For the Australian insurance sector, the proximity of these operations may increase the risk of cyber-related claims and financial crime exposures.
The trend highlights the importance of robust cyber risk assessment, cross-border intelligence sharing, and ongoing vigilance in underwriting and claims management.
Australian organisations experienced a notable increase in cyber threats in August 2025, according to WatchGuard Technologies. The company’s data indicates that 5,383 malware incidents were detected nationwide during the month, averaging nearly 180 per day.
Network-based attacks were even more frequent, with over 65,000 attempts blocked – representing more than 2,100 per day.
Most malware detected consisted of previously known variants, but 7% were classified as zero-day threats, which are typically more challenging to defend against.
WatchGuard’s analysis showed that while Australia accounted for just over 1% of malware detections in the Asia-Pacific region, it represented 57% of blocked network attacks.
