I spend my days in fraud networks that most Americans never see: dark web forums, Telegram channels, and marketplaces where stolen identities are bought and sold as commodities. I study them because understanding how these systems work is the only way to stay ahead of them.
What I’m seeing now should worry every American.
Iran, North Korea, Russia and China are not only carrying out cyber attacks against the United States. They are conducting coordinated financial fraud operations within our system – deliberately, systematically, and in ways our defenses could never have detected.
This is no ordinary crime. It’s statecraft.
While policymakers rightly focus on Iranian cyber threats to power grids and water systems, a quieter operation is already underway, one that reaches directly into the U.S. financial system, using the same tools as everyday fraudsters.
Iran
Iran has spent decades building what amounts to a parallel financial network designed to function when access to the formal system is limited.
It relies on front companies registered in multiple jurisdictions, nominee directors who exist only on paper, and bank accounts opened with stolen or fabricated identities. Each new round of sanctions forces adjustments and each time the system evolves. We see new shell companies appearing and new identities deployed. Funds are routed through intermediaries who cannot see who is actually behind the transactions.
For example, on June 6, 2025, the Office of Foreign Assets Control (OFAC) imposed sanctions on more than 40 individuals and entities associated with the three Zarringhalam brothers – Mansour, Nasser and Fazlolah – for laundering billions through Iran’s ‘shadow banking network’. This network uses exchange houses and front companies in the UAE and Hong Kong to evade sanctions and make money from the sale of oil and petrochemical products.
The operation allows multi-currency payments to flow through international banks on behalf of sanctioned Iranian entities, including military-affiliated groups. Proceeds help finance Iran’s nuclear and missile programs and support terrorist allies.
North Korea
North Korea’s approach is even more direct.
The regime has placed IT workers within US companies using fabricated identities. These are not low-level scams. The identities are constructed from stolen personal information, purchased documents, and in some cases completely synthetic profiles built to pass employment verification.
These employees receive legitimate salaries, which flow into accounts that end up in the money laundering pipelines. The money moves through layers of transactions designed to resemble ordinary retail banking activities until its origins are effectively invisible.
Russia and China
Russia plays a different role: supplier.
Infostealer malware operations collect Social Security numbers, birth dates, and account information from millions of Americans. That data fuels the dark web markets where identity components are packaged and sold to criminals and foreign state actors alike.
China, on the other hand, is playing a long game. In 2015, Chinese state actors breached the Office of Personnel Management, exposing sensitive data on 21.5 million people. That was one of the most impactful intelligence windfalls in recent times, and it created a durable identity dataset detailed enough to build, verify, and maintain false identities at scale.
That data did not disappear after the breach. It has circulated for years in underground markets, where it can be combined with other stolen information to construct identities that pass financial and employment checks.
In other words, China hasn’t just stolen data. It helped create the identity ecosystem that others — including Iran and North Korea — can now exploit.
The shared infrastructure problem
What makes this so difficult to combat is that none of these states are conducting a separate, exotic operation. They are the biggest users of the same global identity fraud ecosystem that common criminals exploit. The same platforms for document forgery. The same AI-curated selfie tools used to bypass identity checks. The same Telegram channels and dark web markets. The difference is not in the tooling. It’s about who has it in their hands and what they want to do with it.
Our financial defenses are built to catch criminals. They screen names against sanctions lists. They flag behavioral anomalies. They check documents. None of that is enough if the adversary has the patience to cultivate an identity for years before activating it, and the resources of a state intelligence agency are behind every step.
I watch these networks every day. The infrastructure our enemies rely on is not hidden. It operates openly, in the same places where domestic criminals operate, using the same playbook. And in some cases, these states aren’t just the largest users of that shared infrastructure. They are the main suppliers. Russia’s infostealer operations produce the raw identity components that end up in the structures of Iranian front companies. The Chinese OPM breach produced a dataset that has since been circulating on the dark web markets. The question is whether American institutions are prepared to treat this as a threat to national security. Right now, most aren’t.


