ForgeCraft: Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America

CloudSEK's STRIKE team uncovered a China-linked network selling counterfeit U.S. and Canadian driver's license IDs and SSN cards via 83+ domains, generating $785K+ from 6,500+ fake licenses and 4,500+ unique buyers across North America. Controlled HUMINT traced the threat actor's exact geolocation and facial imagery to China. Backed by shell e-commerce fronts, social media ads, and covert shipping, the operation poses severe risks - potentially enabling fraud, trafficking, SIM swaps, and ultimately threatening U.S. national security - while offering actionable intelligence for disruption.