Authorities in Vilnius, Lithuania, have dismantled what they describe as one of the largest SIM box and bot farm operations uncovered in the region, disrupting a complex network used to facilitate large-scale fraud, fake account creation, and cyber-enabled crimes across multiple global platforms including PayPal, Facebook, Google, Telegram, and WhatsApp.
The operation, conducted by the Vilnius County Police Headquarters, resulted in the seizure of more than 200 SIM boxes, 100 computers, and an astonishing 75,000 SIM cards — all believed to have been used to automate and scale criminal activity. Two suspects have been arrested, and authorities say investigations are ongoing to identify additional accomplices.
“SIM cards could have been used to commit cybercrime using VoIP (Voice over IP), as well as by creating fake accounts on social networks and payment systems PayPal, Facebook, Google, Telegram, and WhatsApp,” Vilnius County Police said in a statement.
Authorities Trace Fraud Network Through SIM Activity Across Vilnius
The investigation began after the Lithuanian Communications Regulatory Authority (CRA) alerted law enforcement about suspicious SIM activity believed to originate from Vilnius. The CRA’s initial report pointed to irregular network patterns suggesting a large-scale automated SIM operation, commonly referred to as a “SIM swarm.”
Investigators later traced the operation to multiple sites across the Lithuanian capital, a city of over 600,000 residents. Surveillance data from local network towers revealed a concentration of suspicious cellular activity consistent with bulk SIM card usage.
Law enforcement eventually identified three specific administrative buildings housing the illegal infrastructure. Inside, they discovered racks of SIM boxes — specialized devices designed to automate mobile connections at scale. These systems can simulate thousands of phones simultaneously, allowing attackers to bypass identity checks, spam verification systems, and execute coordinated bot activities.
According to authorities, the suspects were responsible for purchasing SIM cards in bulk across various European countries and routing them back to Lithuania for use in the bot farm. This allowed the operators to exploit different telecommunications networks while maintaining operational anonymity.
Potential for Large-Scale Cybercrime and Social Media Manipulation
Investigators estimate that the seized equipment could have powered hundreds of thousands of fake social media or payment system accounts simultaneously. The network’s potential applications ranged from financial fraud and identity theft to online disinformation and artificial engagement operations.
Each SIM card can be linked to a unique account, making it valuable for criminals attempting to create verified user identities. These accounts can then be used to:
- Amplify content or political messaging on social platforms.
- Facilitate phishing or scam operations.
- Manipulate online marketplaces and digital advertising systems.
- Circumvent phone verification systems during fraudulent registration attempts.
By combining SIM box technology with VoIP infrastructure, operators could also disguise the true source of calls or messages, enabling spam campaigns and impersonation attacks targeting both individuals and organizations.
Regional Crackdown Expands Against SIM-Based Cybercrime
The Lithuanian bust marks the second major law enforcement operation against SIM box networks in Eastern Europe within weeks. Europol announced a similar action in Latvia, where authorities seized five servers, 1,200 SIM box devices, and 40,000 active SIM cards linked to another large-scale bot farm.
The increasing frequency of such takedowns highlights growing regional cooperation against transnational cybercrime syndicates that exploit telecommunications systems for fraudulent gain. Lithuanian police say they are working closely with international partners, including Europol and neighboring cybercrime units, to trace data flows and identify connected infrastructure across borders.
Authorities have not yet disclosed whether the Lithuanian operation was linked to other European bot networks, but investigations are ongoing. For now, the dismantling of this large-scale infrastructure represents a significant blow to organized cybercrime operations in the Baltic region.
“This case shows how modern cybercrime can exploit telecommunications infrastructure at scale,” said an official close to the investigation. “By targeting SIM-based automation, we’re cutting off a core resource that fuels online fraud, spam, and disinformation networks.”
