CloudSEK Logo
September 18, 2025

ForgeCraft: Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America

CloudSEK's STRIKE team uncovered a China-linked network selling counterfeit U.S. and Canadian driver's license IDs and SSN cards via 83+ domains, generating $785K+ from 6,500+ fake licenses and 4,500+ unique buyers across North America. Controlled HUMINT traced the threat actor's exact geolocation and facial imagery to China. Backed by shell e-commerce fronts, social media ads, and covert shipping, the operation poses severe risks - potentially enabling fraud, trafficking, SIM swaps, and ultimately threatening U.S. national security - while offering actionable intelligence for disruption.

Authors & Contributors

سوره ماجومدر
إبراهيم الصيفي
Passionate about offensive security and cyber threat intelligence, the author focuses on uncovering real-world vulnerabilities, analyzing cybercrime infrastructure, and assessing business risks through adversarial thinking. With experience in vulnerability chaining, threat monitoring, and dark web reconnaissance, his work contributes to helping organizations strengthen their security posture and proactively address emerging threats.
Downloadable Report

Download the Report

Download the report by clicking below.
The Download will start immediately.
Download Now
Schedule a Demo

Join our newsletter

Sign up so that you don't miss any updates from us

ForgeCraft: Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America

Download ReportSchedule a demo

CloudSEK's STRIKE team uncovered a China-linked network selling counterfeit U.S. and Canadian driver's license IDs and SSN cards via 83+ domains, generating $785K+ from 6,500+ fake licenses and 4,500+ unique buyers across North America. Controlled HUMINT traced the threat actor's exact geolocation and facial imagery to China. Backed by shell e-commerce fronts, social media ads, and covert shipping, the operation poses severe risks - potentially enabling fraud, trafficking, SIM swaps, and ultimately threatening U.S. national security - while offering actionable intelligence for disruption.

This is some text inside of a div block.
Threat Adversary Intelligence

ForgeCraft: Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America

September 18, 2025
This is some text inside of a div block.
min

CloudSEK's STRIKE team uncovered a China-linked network selling counterfeit U.S. and Canadian driver's license IDs and SSN cards via 83+ domains, generating $785K+ from 6,500+ fake licenses and 4,500+ unique buyers across North America. Controlled HUMINT traced the threat actor's exact geolocation and facial imagery to China. Backed by shell e-commerce fronts, social media ads, and covert shipping, the operation poses severe risks - potentially enabling fraud, trafficking, SIM swaps, and ultimately threatening U.S. national security - while offering actionable intelligence for disruption.

This is some text inside of a div block.
This is some text inside of a div block.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.