With Myanmar now well into its fifth year of military rule, the country’s 54 million people continue to suffer what the United Nations Development Programme (UNDP) has described as an “unprecedented polycrisis” marked by widespread conflict, a devastated economy, and a deteriorating public health and education system.
While outside powers, including the Association of Southeast Asian Nations (ASEAN), have focused their efforts on halting hostilities and ensuring humanitarian access, the situation in cyberspace has attracted less attention. Yet, it is worth reviewing the three major recent developments that highlight the current state of Myanmar’s military-controlled cyberspace.
Cybercrime Rampage
The first development has been the alarming proliferation of cybercrime in Myanmar, in particular, online scam mills that run cyber fraud, “pig-butchering” scams, and unauthorized online gambling operations.
Cybercrime operations have been plaguing Myanmar and its neighbors for much of the past decade, but these cyber-enabled scamming activities did not take root on a large scale until the COVID-19 pandemic and the coup d’état of February 1, 2021, which combined to produce what the United Nations Office on Drugs and Crime (UNODC) has described as a “scamdemic” in Myanmar.
Myanmar’s fractured state jurisdictions have provided the ideal conditions for these criminal operations to take root. According to the Armed Conflict Location & Event Data, Myanmar currently ranks second on the Conflict Index, with the greatest number of active non-state armed groups of any nation in the world. The most recent Global Organized Crime Index also rated Myanmar as the nation most susceptible to criminality.
Compounding these problems are the increasingly sophisticated frauds that have been powered by deepfakes, generative AI, and crypto technologies. Around $100 million of crypto inflows were traced from just two random addresses in Myanmar, according to a sampled on-chain analysis by Chainalysis and the International Justice Mission’s Global Fusion Center. A United Nations Myanmar blog post in November 2024 also flagged the rise of AI-powered organized crime as a “rapidly evolving threat.”
Despite their seriousness, intergovernmental coordination against scam operations only stepped up substantially in the past few months, after the abduction of several high-profile foreign public figures. Nonetheless, these advanced technologies have enabled better disguises and greater efficiency for criminals to make pseudonymous transactions and tailor convincing materials to potential scamees, bolstering cybercrime syndicates and luring more cyberslaves into their operations.
Cybersecurity Regulated; Connectivity Restricted
The second prominent development was the military junta’s enactment of the Cybersecurity Law, which came into force on January 1, 2025. The law’s 88 provisions have imposed new license requirements for cybersecurity and digital platform service providers and stipulations on electronic information handling and dissemination, while outlawing acts of vaguely defined “cyber misuse.”
Among the most notable aspects of the Cybersecurity Law are the restrictions and penalties for the use of virtual private networks (VPNs). Contrary to an outright ban against the use of VPN technology first proposed in its 2022 draft, the enacted version only criminalizes the unauthorized establishment and provision of VPN services. The shift by the Ministry of Transportation and Communication was first reflected in its “E-Governance Master Plan 2030,” published in November 2023, which acknowledged VPNs’ role in protecting network traffic and internet connections.
Since the coup d’etat, the State Administration Council (SAC) has had the control to forcibly intercept, surveil, censor, and shut down the internet intermittently and in a targeted manner. By the end of May 2024, the SAC had broadened its powers with a directive to internet service providers (ISPs) on nationwide VPN service blockages. Around the same time, the junta also ramped up physical inspections of civilians’ electronic devices to check for VPN services in addition to preexisting stop-and-searches of suspicious content. People found using VPN services were reportedly mulcted or detained.
Although an SAC military official contended that VPN users who do not pose a threat to national security would not be detained and the Cybersecurity Law does not explicitly criminalize the use of VPN services, disabling and restricting the provision of VPN services is the latest blow to internet access in Myanmar.
Following the enhanced ISP blocking of VPN services, there has been an uptick in Starlink service usage across the country. Although the Elon Musk-owned satellite internet service has not been authorized per Myanmar’s Telecommunications Law, resistance groups started setting up Starlink satellite-based services in mid-2023. According to the latest estimate by the Myanmar Internet Project, there could be over 3,000 smuggled Starlink dishes active across the nation.
Now deemed “the only viable solution” for non-restrictive and stable internet access in Myanmar, Starlink service charges in the country are now over seven times the market price. The price surge shifted the direct market from individual end-users to internet cafes, rebel groups, and, increasingly, cyber scam mills, where Starlink devices were confiscated in recent raids on cybercrime compounds. Starlink devices have become particularly important in keeping cybercrime syndicates online after Thailand cut off internet connections to Myanmar scam sanctuaries.
However, among the most notable aspects of the Cybersecurity Law is that it did not directly address the various rampant criminal activities taking place in cyberspace and contained only one clause criminalizing the establishment of online gambling operations.
While further actions on this front could be forthcoming, the current skew towards regulating information, service provision, and civilians’ behaviors on the internet, instead of the resilience of internet infrastructure and efforts to combat cybercrime, reflects the SAC’s priorities.
Cyber Sovereignty Reinforced
The third major trend has been the junta’s efforts to strengthen its ties to Russia and China in order to bolster its international recognition. This has also allowed the SAC to enhance its control of the digital economy and cyberspace using technologies and ideological frameworks promoted by these powers.
In 2024, Russia began providing the SAC with solutions for the protection of information and transmission systems, cyberspace analysis, and crackdowns on “illegal content” as part of the two nations’ steady advancements in economic and security relations.
This came after the cooperation agreement on information security that was signed in December 2023, in which the Kremlin and the SAC agreed to develop joint measures to counter cyber threats. Emphasizing the sovereign rights of states to the information sphere and internet governance, they were particularly wary of the threats associated with the use of ICT for purposes including undermining state security and interfering in internal affairs.
These efforts align with Russia’s notion of “indivisible security” – the very phrase that it has used to justify the ongoing war against Ukraine and assert its influence in global security. This idea proclaims that the security of one country should not compromise that of others, although its interpretation licenses interventions in a foreign country in order to protect a nation’s own sovereignty.
The principles of “indivisible security” have also been reinforced through the junta’s endorsement of China’s Global Security Initiative (GSI), to which the SAC vowed immediate support during Chinese Foreign Minister Wang Yi’s first official visit to junta-controlled Myanmar in 2022.
First announced by Chinese President Xi Jinping in April 2022, the GSI posits a “common, comprehensive, cooperative, and sustainable security” with respect to the sovereignty and territorial integrity of all states across traditional and non-traditional fields, including the internet. Aside from this, Chinese technologies have been deployed to facilitate the junta’s intensified VPN blockages.
Most recently, in the name of Myanmar’s overall security and the safety of Chinese personnel and assets, China put forward a proposal that would allow the pending joint Myanmar-China security firm to have the authority to permit import, control, and oversee the use of weapons and communications technology in the Mekong nation.
The SAC’s Cybersecurity Law now also has stronger language and provisions reflecting the principles of indivisible security than the drafts, stating that its objective is “to protect and safeguard the sovereignty and stability of the nation.” The adoption of this ideological framework, against a backdrop of rising Russian and Chinese influence in the global security architecture, has helped strengthen the junta’s nationwide digital surveillance system.
Given that the internet is border-agnostic by nature, such an emphasis on sovereignty in cyberspace poses another threat to Myanmar’s digital freedom, since such principles often translate to stringent controls over information flows and internet access.
Gloomily, Myanmar’s cyberspace could be further constricted in the lead-up to the junta’s planned general election, which it now hopes to hold by January 2026. Given the junta’s need to ensure a favorable outcome to the election, it is likely to double down on cyber surveillance and restrictions to censor online information, control public perceptions, and clamp down on dissenting voices throughout the electoral cycle.
At the same time, it says a lot that the junta has prioritized this over the rampant cybercrime operations that continue to take place in Myanmar. This also exposed the fractured authority across Myanmar, with the SAC only fully controlling around 21 percent of the country’s territory, while fraud syndicates are now moving deeper into the nation in response to crackdowns.
As thousands of cyberslaves have been repatriated from Myanmar in recent weeks, mostly from areas under the control of autonomous militias, their stories have alerted the world to the crises incurring in and stemming from Myanmar’s cyberspace. Along with draconian cyber regulations and ubiquitous digital repression, recent events point to the seriousness of the challenges stemming from Myanmar’s repressive cyberspace.