Law enforcement authorities across Europe have dismantled a sophisticated cybercrime-as-a-service operation that enabled criminals to commit widespread fraud and other serious offenses across the continent.
The coordinated action, codenamed ‘SIMCARTEL’, resulted in seven arrests, the seizure of over 40,000 active SIM cards, and the takedown of infrastructure that facilitated crimes causing millions of euros in damages.
Massive Criminal Infrastructure Uncovered
The operation, conducted on October 10, 2025, in Latvia, led to the arrest of five Latvian nationals and the seizure of critical criminal infrastructure.
Investigators confiscated approximately 1,200 SIM box devices operating 40,000 active SIM cards, along with hundreds of thousands of additional SIM cards.
Authorities also seized five servers, took control of two websites offering the illegal service, and froze EUR 431,000 in bank accounts and USD 333,000 in cryptocurrency accounts.
Key results of the operation:
- 26 searches carried out across multiple locations.
- 7 individuals arrested, including 5 Latvian nationals.
- 1,200 SIM box devices seized operating 40,000 active SIM cards.
- 5 servers hosting criminal infrastructure taken down.
- EUR 431,000 in bank accounts and USD 333,000 in cryptocurrency frozen.
- 4 luxury vehicles confiscated.
The criminal network operated highly sophisticated online services through websites that offered telephone numbers registered to individuals from over 80 countries.
These numbers were rented to criminals worldwide who used them to create fake accounts on social media and communication platforms, effectively masking their true identities and locations while committing cybercrimes.
Enabling Widespread Criminal Activity
Investigators have linked the network to more than 1,700 individual cyber fraud cases in Austria and 1,500 in Latvia, with financial losses totaling approximately EUR 4.5 million in Austria alone and EUR 420,000 in Latvia.
The true scope of the operation is staggering, with more than 49 million online accounts created using the illegal service.
Criminal activities enabled by the service:
- Phishing and smishing attacks targeting banking credentials.
- Daughter-son scams via WhatsApp demanding urgent payments.
- Investment fraud schemes using remote-access software.
- Fake online marketplaces and fraudulent bank websites.
- Fake police officer scams targeting Russian-speaking victims.
- Distribution of child sexual abuse material.
The infrastructure enabled various criminal schemes including phishing, smishing, investment fraud, and fake marketplace scams.
Perpetrators used the service to conduct “daughter-son scams” on WhatsApp, create fake shop websites, impersonate police officers, and facilitate other serious crimes including migrant smuggling and the distribution of child sexual abuse material.
International Cooperation Brings Results
The successful operation involved coordinated efforts between authorities from Austria, Estonia, Latvia, and Finland, supported by Europol and Eurojust.
During the action day, law enforcement conducted 26 searches and seized four luxury vehicles in addition to the digital infrastructure.
Europol deployed specialists to Riga and collaborated with the Shadowserver Foundation to dismantle the technical infrastructure, displaying splash pages on the criminal service websites to notify users of the takedown.
The investigation remains ongoing as authorities continue to uncover the full extent of the network’s criminal activities and identify additional perpetrators who utilized the service.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
