CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

SIM-box operation dismantled, enabling global telecom fraud

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

European law enforcement dismantled a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm, enabling over 49 million fake online accounts and facilitating over 3,200 fraud cases resulting in at least 4.5 million euros in losses. The service provided phone numbers for various telecommunication crimes, including phishing, investment fraud, impersonation, extortion, migrant smuggling, and the distribution of child sexual abuse material (CSAM). The operation, codenamed 'SIMCARTEL,' involved multiple countries and seized significant infrastructure and assets. The SIM-box service operated through two websites, gogetsms.com and apisim.com, which have been seized. The service rented out phone numbers registered in over 80 countries, enabling the creation of fraudulent online accounts. The operation resulted in the arrest of seven individuals, including five Latvian nationals, and the seizure of 1,200 SIM-box devices, 40,000 SIM cards, five servers, and luxury vehicles. Financial assets totaling EUR 431,000 and $333,000 in crypto were also frozen. The operation's main raids occurred during an action day in Latvia on October 10, where 26 searches were carried out and five Latvian nationals were arrested. Three suspects were subject to a non-custodial security measure and a court imposed a security measure on a man born in 1982. Latvian law enforcement shared footage of a raid on a workspace packed with computer hardware, specialized equipment and large quantities of SIM cards.

Timeline

  1. 17.10.2025 20:01 3 articles · 3d ago

    SIM-box operation dismantled, enabling global telecom fraud

    The operation involved 26 searches, resulting in the arrest of seven suspects, including five Latvian nationals. The SIM farm network enabled the creation of over 49 million fake online accounts. The service facilitated over 1,700 cyber fraud cases in Austria and 1,500 in Latvia. The service offered telephone numbers registered in over 80 countries for criminal activities, including phishing, smishing, investment fraud, extortion, migrant smuggling, and the distribution of child sexual abuse material (CSAM). The service was marketed as a way to get fast and secure temporary phone numbers for over 160 online services and allowed users to monetize existing SIM cards. The platform was designed for anonymous communication and payments, impacting 3,200 people in various countries. The operation's main raids occurred during an action day in Latvia on October 10, where 26 searches were carried out and five Latvian nationals were arrested. Three suspects were subject to a non-custodial security measure and a court imposed a security measure on a man born in 1982. Latvian law enforcement shared footage of a raid on a workspace packed with computer hardware, specialized equipment and large quantities of SIM cards.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

GXC Team CaaS Platform Dismantled in Spain

Spanish authorities have dismantled the GXC Team, a crime-as-a-service (CaaS) operation. The group offered AI-powered phishing kits, Android malware, and voice-scam tools. The leader, a 25-year-old Brazilian known as “GoogleXcoder,” was arrested in San Vicente de la Barquera, Cantabria, after a year-long investigation involving six coordinated raids across Spain. The group targeted banks, transport, and e-commerce entities in multiple countries. The operation involved coordinated raids across seven Spanish regions, seizing electronic devices and cryptocurrency. The investigation is ongoing, with potential further arrests. The GXC Team's leader, known as GoogleXcoder, lived as a digital nomad, relocating between multiple homes in different Spanish provinces. The police identified six other individuals allegedly associated with the CaaS operation. The GXC Team's Telegram channels were deactivated, and digital evidence is being examined to identify other suspects. The CaaS operation emerged in 2023, offering advanced phishing kits, an SMS-stealing Android trojan, and tools for AI-supported voice scams.

Open in new tab

Interpol-led Operation HAECHI VI Seizes $439 Million in Global Cybercrime Crackdown

Interpol and 40 countries' law enforcement agencies seized $439 million in cash and cryptocurrency during Operation HAECHI VI, a five-month operation targeting cyber-enabled financial crimes. The operation, conducted between April and August 2025, involved a wide range of criminal activities, including voice phishing, investment fraud, e-commerce fraud, online sextortion, business email compromise, romance scams, and money laundering. The operation resulted in the seizure of 400 cryptocurrency wallets, blocking of 68,000 bank accounts, and the arrest of 45 suspects in Portugal. Additionally, Thai police seized $6.6 million transferred by a Japanese corporation into accounts controlled by a transnational organized crime group. This operation is part of a series of global efforts to combat cyber-enabled financial crimes, with previous operations HAECHI V and HAECHI IV also resulting in significant seizures and arrests.

Open in new tab

Crypto fraud ring dismantled by European authorities

A joint operation by European law enforcement agencies has dismantled a cryptocurrency investment fraud ring that defrauded over 100 victims of €100 million ($118 million). The operation, coordinated by Eurojust and supported by Europol, involved authorities from Spain, Portugal, Bulgaria, Italy, Lithuania, and Romania. The ring operated since at least 2018, targeting investors across 23 countries, including France, Germany, Italy, and Spain. The fraudsters used professionally designed online platforms to promise high returns on cryptocurrency investments. Funds were funneled into bank accounts in Lithuania, and victims were charged additional fees to recover their assets. The fraudulent websites eventually went offline, leaving investors with significant losses. Five suspects were arrested, and bank accounts and financial assets were frozen during the operation. The main perpetrator has been accused of large-scale fraud and money laundering.

Open in new tab

RaccoonO365 Phishing Network Disrupted by Microsoft and Cloudflare

The RaccoonO365 phishing network, a financially motivated threat group, was disrupted by Microsoft's Digital Crimes Unit (DCU) and Cloudflare. The operation, executed through a court order in the Southern District of New York, seized 338 domains used by the group since July 2024. The network targeted over 2,300 organizations in 94 countries, including at least 20 U.S. healthcare entities, and stole over 5,000 Microsoft 365 credentials. The RaccoonO365 network operated as a phishing-as-a-service (PhaaS) toolkit, marketed to cybercriminals via a subscription model on a private Telegram channel. The group used legitimate tools like Cloudflare Turnstile and Workers scripts to protect their phishing pages, making detection more challenging. The mastermind behind RaccoonO365 is believed to be Joshua Ogundipe, who received over $100,000 in cryptocurrency payments. The group is also suspected to collaborate with Russian-speaking cybercriminals. Cloudflare executed a three-day 'rugpull' against RaccoonO365, banning all identified domains, placing interstitial 'phish warning' pages, terminating associated Workers scripts, and suspending user accounts to prevent re-registration.

Open in new tab

U.S. sanctions cyber scam operations in Southeast Asia

The U.S. Department of the Treasury has sanctioned several large cyber scam networks in Southeast Asia, primarily in Burma and Cambodia. These operations, which used forced labor and human trafficking, stole over $10 billion from Americans in 2024, a 66% increase from the previous year. The scams included romance baiting and fake cryptocurrency investments. The sanctions target individuals and entities linked to the Karen National Army (KNA) and various organized crime networks. The sanctions block these entities from the U.S. financial system, freeze their U.S.-based assets, and limit their access to international financial services. The move aims to disrupt the operations and impose legal and financial consequences on the perpetrators. The cybercriminal syndicates in Southeast Asia net nearly $40 billion annually in illicit profits. The U.S. actions are part of a broader effort to degrade the infrastructure supporting these scams and punish the system enabling their crimes.

Open in new tab