Europol, in collaboration with Eurojust and national law enforcement agencies, has dismantled a highly sophisticated international SIM-box cybercrime network during a major coordinated operation named SIMCARTEL. The action day, conducted on October 10, 2025, targeted criminal infrastructure across multiple countries, including Austria, Estonia, Finland, and Latvia. This operation revealed the enormous scale of the network, which was responsible for creating over 49 million fake online accounts and causing substantial financial losses to victims through an array of fraudulent schemes.
Operation SIMCARTEL
Operation SIMCARTEL was a coordinated law enforcement effort aimed at dismantling a cybercrime-as-a-service (CaaS) platform that leveraged SIM-box technology. The operation focused on arresting suspects, seizing devices, servers, and SIM cards, taking down criminal websites, and freezing both bank and cryptocurrency assets. On the action day in Latvia alone, authorities executed 26 searches, resulting in the arrest of seven suspects, five of whom were Latvian nationals. Law enforcement seized approximately 1,200 SIM-box devices, 40,000 active SIM cards, and hundreds of thousands of additional cards stored for criminal use. Investigators also confiscated five servers and four luxury vehicles, while freezing €431,000 in bank accounts and $310,000 in cryptocurrencies.
Understanding SIM-Boxes and Their Criminal Misuse
A SIM-box is a hardware device containing multiple SIM cards that can route international calls through local networks, allowing users to bypass standard carrier fees. While legitimate businesses may use SIM-boxes for cost efficiency, criminals exploit the technology to obscure the origin of calls and automate the creation of fake online accounts. SIM-box networks enable a range of cybercrime activities, including phishing, smishing, fraudulent trading schemes, daughter-son scams, impersonation of police officers, extortion, migrant smuggling, and the distribution of child sexual abuse material (CSAM). By leveraging SIM-box technology, criminals maintain anonymity while facilitating large-scale fraudulent operations.
Impact of the Criminal Network
The network dismantled in Operation SIMCARTEL was extensive, with over 49 million online accounts created through SIM-box services. Victims spanned Austria, Latvia, and Estonia, with at least 3,200 individuals directly affected. The financial losses were significant, amounting to €4.5 million in Austria and €420,000 in Latvia. The operation also revealed the high volume of fraud cases, with Austria reporting 1,700 and Latvia 1,500 incidents. Telephone numbers registered in more than 80 countries were rented to cybercriminals, enabling a wide spectrum of crimes while maintaining operational anonymity.
Types of Crimes Committed
SIM-box networks facilitated numerous criminal schemes. Phishing and smishing campaigns stole sensitive personal and financial information from victims via email and text messages. Fraud extended to second-hand marketplaces, fake investment platforms, and impersonation of police officers to extract money from Russian-speaking victims. Daughter-son scams involved messages demanding emergency payments, while fake shops and banking websites leveraged rented phone numbers to appear legitimate. Beyond financial fraud, the network was implicated in serious crimes, including extortion, migrant smuggling, and distribution of CSAM, highlighting the broad and dangerous capabilities of SIM-box networks.
Technical Sophistication of the Network
The cybercrime network behind SIMCARTEL demonstrated a high level of technical sophistication. Criminals designed professional websites to facilitate their illicit services, acquired thousands of SIM cards across approximately 80 countries, and maintained servers and SIM-box devices to manage operations. The infrastructure operated as a global CaaS model, offering cybercriminal clients access to temporary phone numbers for verification purposes and passive income opportunities. Platforms such as GoGetSMS and APISim were marketed under the guise of legitimate services but were integral to sustaining fraudulent activities.
Law Enforcement Collaboration
The success of Operation SIMCARTEL relied on extensive collaboration among international law enforcement agencies. In Austria, the Federal Criminal Intelligence Service, Criminal Investigation Department Salzburg, and the Vienna Public Prosecutor’s Office participated in the effort. Estonia contributed through the Estonian Police and the Northern District Prosecutor’s Office, while Finland’s National Cyber-enabled Crimes Unit and National Bureau of Investigation provided support. Latvian authorities, including the State Police and judicial prosecution offices, were instrumental during the action day. Europol and Eurojust coordinated the cross-border activities, with support from the Shadowserver Foundation for infrastructure takedowns, forensic analysis, and OSINT investigations.
Legal and Investigative Context
Some suspects in the operation were already under investigation for prior offenses, including arson, extortion, or coercive crimes in Estonia. Despite these allegations, all individuals are presumed innocent until proven guilty. The network targeted by Operation SIMCARTEL was classified as a technically advanced CaaS enterprise, demonstrating how modern cybercriminals organize sophisticated, multi-national operations with significant financial and social impact.
Conclusion
Operation SIMCARTEL represents a landmark achievement in combating global cybercrime networks. By dismantling a SIM-box infrastructure capable of creating millions of fake accounts and enabling a variety of fraud schemes, law enforcement agencies have dealt a significant blow to international cybercriminal operations. The coordinated effort underscores the importance of cross-border collaboration in tackling technologically sophisticated criminal enterprises that threaten both individuals and broader financial systems.
0 Comments