Global Sting Unravels Major SIM Box Crime Ring

Law enforcement agencies dismantled an extensive cyber-as-a-service operation that authorities say was behind a staggering 49 million online accounts used for malicious activity.

Seven individuals were arrested recently in an operation codenamed “SIMCARTEL” by investigators in Austria, Estonia, and Latvia, alongside Europol and Eurojust. The operation busted a criminal network that authorities tied to more than 3,200 cyber fraud cases in Austria and Latvia.

In addition to the arrests, the authorities took down five servers and seized 1,200 SIM box devices alongside 40,000 active SIM cards. The criminal network’s activities ultimately led to a total loss of several million euros, using an infrastructure that Europol described as “highly sophisticated.” The perpetrators used the SIM-box service to create nearly 50 million malicious online accounts for conducting telecommunications-related attacks, amongst other activities.

The criminal network created an online service that provided telephone numbers registered in more than 80 countries for threat actors to use in scams, fraud and cyberattacks, said Europol in the press release.

The SIM cards allowed threat actors to create fake accounts on telecom platforms and social media, which disguised their true identities and locations while carrying out their malicious activities. 

Related:AI Agent Security: Whose Responsibility Is It?

Europol released a video of the “action day” in Latvia where authorities are seen breaking down glass doors to enter rooms where some of the individuals and technological devices were found. Police found what seemed like hundreds of thousands of SIM cards and other materials used in the network’s various operations.

Network Enabled Multitude of Serious Crimes

Additionally, authorities took control of two websites offering illegal services, while suspects’ accounts containing €431,000 and $333,000 were frozen.

Europol said it dismantled the network’s infrastructure with the help of the Shadowserver Foundation, a cybersecurity nonprofit. Dark Reading contacted Shadowserver for comment, but the organization said it doesn’t comment on law enforcement activity as a policy. In a post on social media platform X, Shadowserver said it was proud to “support our Law Enforcement partners in another successful cybercrime disruption.” 

The scale of the network, which Europol said is still being uncovered, allowed criminals to commit “a multitude of serious crimes that would not have been possible at all without masking the perpetrators’ identities.”

Some of these crimes and malicious activities include phishing, smishing, fraud, extortion, migrant smuggling, the impersonation of police officers, the distribution of child sexual abuse materials, and more.

Related:Financial, Other Industries Urged to Prepare for Quantum Computers

The dismantling of this criminal network was part of the European Multidisciplinary Platform Against Criminal Threats (EMPACT), which runs in four-year cycles focusing on EU crime priorities.

In its current cycle, its priorities are identifying and disrupting high-risk criminal networks, targeting criminal offenders orchestrating cyberattacks, disrupting criminal networks engaged in human trafficking, combatting child exploitation, fighting against migrant smuggling, fraud and financial crimes, and more.