The United Nations Office for Drugs and Crime (UNODC) has highlighted the extensive use of the popular messaging app Telegram by powerful criminal networks operating out of Southeast Asia. The report, which exposes the role of the encrypted app in facilitating large-scale illicit activity, underscores how technology has transformed organized crime on a global scale.
The findings shed light on a growing threat, as criminal groups exploit Telegram’s sprawling, loosely moderated channels to trade hacked data, cybercrime tools, and even engage in money laundering through unlicensed cryptocurrency exchanges. Southeast Asia, in particular, has become a nerve center for a multibillion-dollar industry specializing in cyber-enabled fraud and other forms of organized crime.
The report by UNODC reveals how criminal networks in Southeast Asia have embraced technology to enhance their operations, moving much of their illicit activity to platforms like Telegram. The encrypted nature of the app and the ability to host massive, anonymous channels have allowed criminal groups to evade detection, making it a prime choice for illegal transactions.
Among the most concerning trends is the open trade of hacked data. The report details how credit card details, passwords, and browser histories are sold on a vast scale through Telegram’s channels. These underground data markets have flourished on the app, where users face little risk of being shut down due to limited moderation.
Cybercriminals also use Telegram to sell tools such as data-stealing malware and deepfake software. Deepfakes, powered by artificial intelligence, have become a favorite tool for fraudsters, who use them to create convincing yet entirely fabricated images, videos, or audio clips for scams and identity theft.
According to the report, these services are particularly aimed at criminal groups in Southeast Asia, where technological innovation is now deeply integrated into illicit operations. One advertisement highlighted in the report brags, “We move 3 million USDT stolen from overseas per day,” referring to the popular cryptocurrency Tether, pegged to the US dollar.
Southeast Asia has emerged as a hotbed for criminal organizations that use technology to scale their operations. Chinese syndicates operating out of fortified compounds, often staffed by trafficked workers, are some of the most notorious examples. These criminal groups specialize in elaborate schemes designed to defraud individuals and organizations across the world. The scale of their operations is staggering, with the industry estimated to generate between US$27.4 billion to US$36.5 billion annually, according to the UNODC.
What makes the situation more dire is the region’s connectivity and tech-savvy population, which criminal groups exploit to develop increasingly sophisticated fraud techniques. While some of these organizations are geographically isolated within high-security compounds, their operations span the globe through online platforms.
Hofmann, the UNODC’s deputy representative for Southeast Asia and the Pacific, stressed the dangers these developments pose to individuals worldwide. “For consumers, this means their data is at a higher risk of being fed into scams or other criminal activity than ever before,” he told Reuters, underlining how seamless the criminal infrastructure has become on Telegram.
Telegram’s popularity has skyrocketed over recent years, with its user base nearing 1 billion globally. Its encrypted messaging service, combined with the ability to create large public channels and private groups, has attracted not only regular users but also cybercriminals. According to the UNODC report, there is “strong evidence of underground data markets moving to Telegram and vendors actively looking to target transnational organized crime groups based in Southeast Asia.”
Telegram’s anonymity and encrypted messaging have long been a point of controversy. While the platform was originally praised for its stance on privacy, it has increasingly faced criticism for allowing illegal activities to proliferate. In its unregulated environment, groups can operate virtually unchecked. Channels selling drugs, weapons, and even human trafficking operations have been discovered in the past, and now the app is seeing a surge in cybercrime activities.
One of the most significant concerns is Telegram’s use for unlicensed cryptocurrency exchanges, which are instrumental in money laundering. Criminal groups use cryptocurrencies like Bitcoin or Tether (USDT) for their transactions because of their pseudonymous nature, making it harder for law enforcement agencies to track illegal financial flows.
Telegram’s founder and CEO, Pavel Durov, has found himself under increasing legal scrutiny. Durov, the Russian-born entrepreneur who developed the app, was arrested in Paris in August 2024 and charged with allowing criminal activity on the platform, including the spread of child sexual abuse material. His arrest marks a pivotal moment in the ongoing debate over tech platforms’ responsibility to moderate illegal content and cooperate with law enforcement.
French authorities used a stringent new law, unique in its scope, to bring charges against Durov, holding him accountable for the illegal activities facilitated on Telegram. The law gives France significant power to prosecute platform owners who allow criminal activity to persist unchecked on their services.
Following his arrest, Durov, who is currently out on bail, announced that Telegram would start cooperating more with law enforcement, including handing over users’ IP addresses and phone numbers when legally required. He also indicated that the app would introduce changes aimed at curbing the abuse of certain features. However, critics remain skeptical about the app’s ability to effectively moderate its vast ecosystem, which includes millions of channels, groups, and users.
One of the most disturbing trends highlighted in the UNODC report is the widespread availability of deepfake software for criminal purposes. This technology, which uses machine learning to create highly realistic fake videos and images, has become a critical tool for cybercriminals engaging in fraud and identity theft.
The report identified more than 10 deepfake service providers that are “specifically targeting criminal groups involved in cyber-enabled fraud in Southeast Asia.” These providers offer tailored services to help scammers create convincing videos or audio clips, which can be used to impersonate individuals or fabricate evidence for fraudulent schemes.
Deepfakes represent a significant challenge for law enforcement, as they make it increasingly difficult to distinguish between authentic and manipulated content. This technology has already been used in cases of fraudulent business transactions, where scammers use deepfake audio or video to trick victims into transferring large sums of money.
The criminal activities flourishing on Telegram are not confined to Southeast Asia. They have far-reaching global consequences, affecting countries and individuals worldwide. In South Korea, where deepfake pornography has become a widespread issue, police have launched an investigation into Telegram’s role in facilitating online sex crimes. South Korea is estimated to be the country most targeted by deepfake pornography, and authorities are now considering whether Telegram’s lax moderation policies have abetted these crimes.
Meanwhile, in India, the popular insurer Star Health was targeted by a hacker using Telegram chatbots to leak vast amounts of sensitive customer data. Reuters revealed that using these chatbots, it was possible to download policy and claims documents containing personal information such as names, phone numbers, tax details, and even medical diagnoses. The incident prompted Star Health to file a lawsuit against Telegram, seeking accountability for the platform’s role in the data breach.
As technology continues to evolve, the intersection of privacy, freedom of speech, and law enforcement remains a contentious issue. Telegram’s widespread use among criminals poses significant questions about the balance between individual privacy and the need for platforms to take greater responsibility for the content shared through their services.
While Pavel Durov’s recent legal troubles and Telegram’s promises of reform signal a potential shift, experts are divided on whether these measures will be enough to curb the platform’s role in facilitating criminal activity. The sheer scale of the illicit operations being run through the app—spanning data theft, money laundering, and cyber fraud—underscores the need for a global regulatory framework that can address the unique challenges posed by encrypted messaging apps.
The UNODC’s report serves as a wake-up call to governments and tech companies alike. As criminal networks grow more technologically advanced, so too must the tools and strategies employed by law enforcement. Platforms like Telegram, which were once seen as a beacon of free speech and privacy, are now under intense scrutiny for their role in enabling a new era of cybercrime.