Print Print    Close Close

Iran and its allies are committing epic financial fraud in America. I watch it happen every day

By David Maimon

Published April 24, 2026

Fox News
Iran steps up cyberattacks on US Video

I spend my days inside fraud networks most Americans never see — dark web forums, Telegram channels and marketplaces where stolen identities are bought and sold like commodities. I study them because understanding how these systems work is the only way to stay ahead of them.

What I’m seeing right now should concern every American.

Iran, North Korea, Russia and China are not just conducting cyberattacks against the United States. They are running coordinated financial fraud operations inside our system — deliberately, systematically and in ways our defenses were never designed to detect.

This isn’t ordinary crime. It’s statecraft.

ALARMING RISE OF FAKE LEGAL REQUESTS: WHAT IT MEANS FOR YOUR PRIVACY

The flags of Iran and its allies North Korea, Russia and China with the earth in the background.

Iran and its allies Russia, China and North Korea are using cyber crimes to push a financial war against the US. (Fox News)

While policymakers rightly focus on Iranian cyber threats to power grids and water systems, a quieter operation is already underway, and this is one that reaches directly into the U.S. financial system using the same tools as everyday fraudsters.

Iran

Iran has spent decades building what amounts to a parallel financial network that is designed to function when access to the formal system is restricted.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

It relies on front companies registered across multiple jurisdictions, nominee directors who exist only on paper and bank accounts opened with stolen or fabricated identities. Each new round of sanctions forces adaptation and, each time, the system evolves. We see new shell companies appear and new identities being deployed. Funds are routed through intermediaries that cannot see who is actually behind the transactions.

For example, on June 6, 2025, the Office of Foreign Asset Control (OFAC) sanctioned over 40 individuals and entities linked to the three Zarringhalam brothers — Mansour, Nasser, and Fazlolah --brothers for laundering billions through Iran’s "shadow banking" network. This network uses exchange houses and front companies in the UAE and Hong Kong to evade sanctions and move funds from oil and petrochemical sales.

Pro-Iran hackers target medical device company in cyberattack Video

The operation enables payments to flow through international banks in multiple currencies on behalf of sanctioned Iranian entities, including military-linked groups. Proceeds help finance Iran’s nuclear and missile programs as well as support terrorist proxies.

HOW DEBIT CARD FRAUD CAN HAPPEN WITHOUT USING THE CARD

North Korea

North Korea’s approach is even more direct.

The regime has placed IT workers inside U.S. companies using fabricated identities. These are not low-level scams. The identities are constructed from stolen personal information, purchased documents, and in some cases fully synthetic profiles built to pass employment verification.

AI CYBERSECURITY RISKS AND DEEPFAKE SCAMS ON THE RISE

Those workers draw legitimate salaries, which flow into accounts that feed into laundering pipelines. The money moves through layers of transactions designed to look like ordinary retail banking activity, until its origin is effectively invisible.

Each new round of sanctions forces adaptation and, each time, the system evolves. We see new shell companies appear and new identities being deployed. Funds are routed through intermediaries that cannot see who is actually behind the transactions.

Russia and China

Russia plays a different role: supplier.

ARREST OF CHINESE NATIONALS IN SWING STATE, ISRAEL'S FIGHT WITH IRAN ARE 'WAKE UP' CALL ON CCP THREAT: EXPERTS

Infostealer malware operations harvest Social Security numbers, dates of birth and account credentials from millions of Americans. That data feeds dark web markets where identity components are packaged and sold to criminals and foreign state actors alike.

China, by contrast, plays a long game. In 2015, Chinese state actors breached the Office of Personnel Management, exposing sensitive data on 21.5 million people. That was one of the most impactful intelligence windfalls of recent times and it created a durable identity dataset that has been detailed enough to build, verify and sustain false identities at scale.

That data didn’t disappear after the breach. It has circulated for years in underground markets, where it can be combined with other stolen information to construct identities that pass financial and employment checks.

In other words, China didn’t just steal data. It helped seed the very identity ecosystem that others — including Iran and North Korea — can now exploit.

Iran might target American infrastructure in cyberattack, ex-White House official warns Video

CLICK HERE FOR MORE FOX NEWS OPINION

The shared infrastructure problem

What makes this so hard to confront is that none of these states are running a separate, exotic operation. They are the heaviest users of the same global identity fraud ecosystem that ordinary criminals use. The same document forgery platforms. The same AI-composited selfie tools used to defeat identity verification checks. The same Telegram channels and dark web markets. The difference is not the tooling. It is who is holding it and what they intend to do with it.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Our financial defenses were built to catch criminals. They screen names against sanctions lists. They flag behavioral anomalies. They check documents. None of that is sufficient when the adversary has the patience to cultivate an identity over years before activating it, and the resources of a state intelligence agency behind every step.

I watch these networks every day. The infrastructure our enemies rely on is not hidden. It is operating openly, in the same places domestic criminals operate, using the same playbook. And in some cases, these states are not just the heaviest users of that shared infrastructure. They are its primary suppliers. Russia's infostealer operations produce the raw identity components that end up in Iranian front company structures. China's OPM breach seeded a dataset that has been circulating in dark web markets ever since. The question is whether American institutions are prepared to treat that as the national security threat it is. Right now, most of them are not.

Dr. David Maimon is the head of Fraud Insights at SentiLink.

Print Print    Close Close

URL

https://www.foxnews.com/opinion/iran-allies-committing-fraud-inside-americas-financial-system-watch-happen-every-day

  • Home
  • Video
  • Politics
  • U.S.
  • Opinion
  • Entertainment
  • Tech
  • Science
  • Health
  • Travel
  • Lifestyle
  • World
  • Sports
  • Weather
  • Privacy
  • Terms

This material may not be published, broadcast, rewritten, or redistributed. © FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by LSEG. Do Not Sell my Personal Information - New Terms of Use - FAQ