THU 02 JUL 2026 · GMT EDITION A WHITESTONE INTELLIGENCE PUBLICATION
MARKETS · CYBER · MEMOS · MODELS
DAILY ISSUES26 MAY27 MAY28 MAY29 MAY30 MAY31 MAY01 JUN02 JUN03 JUN04 JUN05 JUN06 JUN07 JUN08 JUN09 JUN10 JUN11 JUN12 JUN13 JUN14 JUN15 JUN16 JUN17 JUN18 JUN19 JUN21 JUN22 JUN23 JUN24 JUN25 JUN26 JUN27 JUN28 JUN29 JUN30 JUN01 JUN02 JUNALL ›
FRONT PAGE / CYBER / CYB-2026-06-04-F1
CYBER · cyber policy · 2026-06-04SCOOP 71

Meta, Microsoft and DOJ-led strike force dismantles Southeast Asian scam-center infrastructure; 63 arrested

Meta, Microsoft, Coinbase, SpaceX and other technology companies announced a joint disruption of criminal scam networks in Southeast Asia alongside the U.S.

·FILED ISSUE 2026-06-04·1 MIN READ·RE-VERIFIED 2026-07-02 UTC·✓ RE-VERIFIED 2026-07-02

At a glance

  • Meta, Microsoft, Coinbase, SpaceX and others joined DOJ, FBI and Royal Thai Police in coordinated operations across Washington DC and Bangkok
  • 1.4 million Facebook/Instagram accounts, pages and groups, 20,000 Microsoft accounts and thousands of Starlink kits were disrupted
  • Royal Thai Police arrested 63 individuals involved in scam operations
  • More than $3.8 million in cryptocurrency used to launder funds stolen from Americans was frozen, per DOJ
  • The Scam Center Strike Force held its first in-person meetings in Washington May 18-21 before the operation

VERDICT — CONFIRMED

curated-2src confidence · primary + corroborating sources verified · re-verified 2026-07-02 UTC
Meta, Microsoft and DOJ-led strike force dismantles Southeast Asian scam-center infrastruc
Meta

Meta, Microsoft, Coinbase, SpaceX and other technology companies announced a joint disruption of criminal scam networks in Southeast Asia alongside the U.S. Department of Justice, the FBI and the Royal Thai Police, in coordinated operations spanning Washington, D.C. and Bangkok.

The action, unveiled overnight into June 4, followed the first in-person meetings of the "Scam Center Strike Force" in Washington from May 18 to May 21. More than a million online assets were disrupted — including 1.4 million accounts, pages and groups across Facebook and Instagram, 20,000 Microsoft accounts, and thousands of Starlink kits used by scam compounds — and the Royal Thai Police arrested 63 individuals involved in scam operations.

According to the DOJ, information shared between U.S. government agencies and private-sector partners — which also included Silent Push, TRM Labs and Zenlayer — led to the freezing of more than $3.8 million in cryptocurrency used to launder funds stolen from Americans. The targeted syndicates ran romance scams, investment fraud and operations tied to scam compounds staffed through forced labor.

Why it matters

the strike-force model — platforms, cloud providers, satellite internet and crypto exchanges acting in concert with law enforcement — is the most comprehensive infrastructure-level assault yet on the pig-butchering economy, hitting connectivity, accounts and money flows simultaneously.

Key facts on file

  • Meta, Microsoft, Coinbase, SpaceX and others joined DOJ, FBI and Royal Thai Police in coordinated operations across Washington DC and Bangkok
  • 1.4 million Facebook/Instagram accounts, pages and groups, 20,000 Microsoft accounts and thousands of Starlink kits were disrupted
  • Royal Thai Police arrested 63 individuals involved in scam operations
  • More than $3.8 million in cryptocurrency used to launder funds stolen from Americans was frozen, per DOJ
  • The Scam Center Strike Force held its first in-person meetings in Washington May 18-21 before the operation

PRIMARY SOURCE

Meta Newsroom
— (2026-06-03) · fetched at filing · archived at publication

Sources · two-source rule

PRIMARYMeta Newsroom— (2026-06-03)
CORROB.The Crypto Times— (2026-06-04)
CORROB.Security Boulevard— (2026-06-04)
Share
Filed by the Cyber desk · verified by the verification desk · re-verified 2026-07-02 · Our standards: the two-source rule ›
CITE THIS FILE — The Dossier Wire · cyb-2026-06-04-f1 · filed 2026-06-04 · https://thedwire.com/wire/cyb-2026-06-04-f1-meta-microsoft-and-doj-led-strike-force-dismantles.html · Primary and corroborating sources listed above; archived at publication. Republishing & licensing: hello@thedwire.com.
More from Cyber FULL DESK ›
Critical Magento RCE CVE-2026-45247 in Mirasvit Cache Warmer exploited within da
CYBER · SCOOP 74

Critical Magento RCE CVE-2026-45247 in Mirasvit Cache Warmer exploited within days; CISA adds to KEV June 3

CISA added CVE-2026-45247 to its Known Exploited Vulnerabilities catalog on June 3, 2026, a critical (CVSS 9.8) PHP object-injection / deserialization-of-untrusted-data flaw in the Mirasvit Full Page Cache Warmer extension for Magento 2 (Adobe Commerce). Unauthenticated attackers can achieve remote code execution by supplying a crafted se

✓ verifiedSOURCE ↗
READ THE FILE ›
CISA adds 2022 Linux cgroups container-escape bug CVE-2022-0492 to KEV after fre
CYBER · SCOOP 70

CISA adds 2022 Linux cgroups container-escape bug CVE-2022-0492 to KEV after fresh in-the-wild exploitation

CISA added CVE-2022-0492 to its Known Exploited Vulnerabilities catalog on June 2, 2026, confirming active in-the-wild exploitation of a four-year-old Linux kernel flaw with a CVSS score of 7.8. The bug is an improper-authentication/missing-authorization defect (CWE-287, CWE-862) in the cgroup_release_agent_write() function of the cgroups

✓ verifiedSOURCE ↗
READ THE FILE ›
Microsoft reverses 'never justifiable' zero-day stance, vows not to pu
CYBER · SCOOP 85

Microsoft reverses 'never justifiable' zero-day stance, vows not to pursue researchers as Nightmare-Eclipse feud spreads

Microsoft publicly walked back an aggressive disclosure stance on June 1-2, 2026 after community backlash. Days earlier (a blog post ~May 28) Microsoft had branded uncoordinated public zero-day disclosures 'never justifiable,' implied legal exposure for those enabling cybercrime, and noted its Digital Crimes Unit would keep bringing cases

exclusivecorrected · see fileSOURCE ↗
READ THE FILE ›

The morning wire in your inbox — every brief, primary sources linked, no noise.

Free tier. The Wire — continuous desk briefs · Records archive · Bureau alerts.

Stored to the wire's subscriber list. No spam, unsubscribe any time.