
Southeast Asian provider of ‘infrastructure laundering’ for scams is sanctioned by US

A Philippines-based web infrastructure provider is linked to the “majority of virtual currency investment scam websites reported to the FBI,” the U.S. government said in imposing sanctions against the company on Thursday.

Funnull Technology Inc. supports “hundreds of thousands of websites” dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Department’s Office of Foreign Assets Control (OFAC).

U.S.-based victims of websites connected to Funnull “have reported over $200 million in losses, with average losses of over $150,000 per individual,” OFAC said. “These figures likely underestimate the total losses, as many victims of scams do not report the crime.”

The FBI also released a technical advisory with a long list of internet domains linked to Funnull, which cybersecurity researchers have labeled as a provider of “infrastructure laundering.” 

The company facilitates fraud “by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds,” the FBI said. “Funnull acquires these facilities from legitimate providers in the United States and sells them to cyber criminals.”

Investment fraud helps to fuel the Southeast Asian cybercrime ecosystem — a nexus of transnational organized crime, shadowy companies, gambling operations, local militias and scam compounds. Victims often interact directly with a fraudster who pushes them to hand over cryptocurrency to fuel a fake romance or financial opportunity.

The illicit industry is continuing to expand worldwide, a United Nations report warned last month.

The U.S. also sanctioned Liu Lizhi, a Chinese national whom OFAC labeled as an “administrator” of Funnull.

“Liu was involved in and possessed spreadsheets and other documents containing information about Funnull’s employees, their performance, and their progress on tasks,” OFAC said. “These tasks included assigning domain names to cybercriminals, including domains associated with virtual currency investment fraud, phishing scams, and online gambling sites.”

OFAC cites Liu as having an address in Ganzhou, China. Funnull’s headquarters is listed at an address in the Manila area. Previous reports about the company had suggested it was based in China.

Earlier this year, researchers at cybersecurity company Silent Push analyzed the company’s illicit tactics for renting IP addresses from U.S. providers such as Amazon and Microsoft, which were said to be fighting an “uphill battle” against the operation.

Funnull’s name also surfaced last year after the company acquired the web domain for polyfill, a service known for helping websites bridge compatibility gaps between modern code and older browsers. Afterward researchers found the site injecting malware onto the devices of visitors.

Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years' experience as an editor and writer in the Washington, D.C., area. He previously helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.