New Delhi, Dec 14: The Central Bureau of Investigation (CBI) has filed a chargesheet against 17 individuals, including four Chinese nationals, and 58 companies for allegedly orchestrating a transnational cyber crime syndicate that defrauded victims of over ₹1,000 crore through a vast network of shell companies and digital scams, officials said on Sunday.
The investigation revealed that the accused operated as a single, well-coordinated racket, using an elaborate digital and financial ecosystem to run fraudulent loan apps, fake investment schemes, Ponzi and multi-level marketing operations, bogus part-time job offers and deceptive online gaming platforms.
According to the chargesheet, illicit proceeds amounting to around ₹1,000 crore were layered through 111 shell companies and multiple mule bank accounts, with one account alone receiving over ₹152 crore within a short period. The shell firms were allegedly floated using dummy directors, forged or misleading documents, fake addresses and false declarations of business activities.
“These shell entities were used to open bank and merchant accounts with various payment gateways, facilitating rapid layering and diversion of proceeds of crime,” a CBI spokesperson said.
The agency traced the origins of the fraud network to 2020, during the COVID-19 pandemic, when the shell companies were allegedly incorporated on the instructions of four Chinese handlers — Zou Yi, Huan Liu, Weijian Liu and Guanhua Wang. Indian associates are accused of procuring identity documents of unsuspecting individuals to set up shell companies and mule accounts to launder the scam proceeds and mask the money trail.
The probe established communication links and operational control exercised by the Chinese masterminds from abroad. “Notably, a UPI ID linked to bank accounts of two Indian accused was found active in a foreign location as late as August 2025, conclusively establishing continued foreign control and real-time operational oversight of the fraud infrastructure,” the CBI said.
Investigators found that the syndicate adopted a technology-intensive modus operandi, using Google advertisements, bulk SMS campaigns, SIM-box messaging systems, cloud infrastructure, fintech platforms and numerous mule accounts. Each stage of the operation, from targeting victims to collection and movement of funds, was structured to conceal the identities of the real controllers and evade law enforcement scrutiny.
The case was registered following inputs from the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, which flagged large-scale online cheating through investment and employment scams. Three arrests were made in October after the racket was busted.
Though the complaints initially appeared unrelated, the CBI said a detailed analysis revealed common applications, fund-flow patterns, payment gateways and digital footprints, indicating an organised conspiracy. Subsequent searches were conducted at 27 locations across Karnataka, Tamil Nadu, Kerala, Andhra Pradesh, Jharkhand and Haryana, leading to the seizure of digital devices, documents and financial records, which were later subjected to forensic examination. (Agencies)
