An international cybercrime-as-a-service network operating on a massive scale has been dismantled by European law enforcement, following an investigation led by Latvian police in collaboration with Europol and Eurojust. The operation, codenamed SIMCARTEL, culminated on October 10 with the arrest of seven suspects and the seizure of industrial-grade infrastructure used for widespread internet and telecom fraud. Initial estimates indicate the network is responsible for enabling over 3,200 cyber fraud cases in Austria and Latvia, with reported losses totaling nearly €5 million.
SIM Box Infrastructure Powered Large-Scale SIM Fraud Across Europe
Authorities connected the SIMCARTEL operation to a wide range of illicit activities, including phishing, smishing (SMS phishing), fake investment scams, migrant smuggling, and even the distribution of child sexual abuse material. The network enabled these activities with vast telecommunication resources obtained through fraudulently controlled SIM cards and telecom infrastructure.
Over 1,200 SIM Boxes and 40,000 Active SIM Cards Seized
Central to the operation’s technical underpinnings was its use of approximately 1,200 SIM box devices and 40,000 active SIM cards. These devices allowed the criminal network to bypass mobile carrier controls and distribute SMS or voice traffic across multiple networks, often impersonating local numbers from over 80 countries. This technique enabled attackers to conduct:
- Smishing campaigns impersonating banks or public services
- Automated scam calls from local-looking numbers
- Bulk creation of fake accounts on digital platforms
- Anonymous coordination for more serious crimes
In total, law enforcement seized hundreds of thousands of SIM cards, indicating the enormous scale of the operation. Five command-and-control servers and two websites advertising the illegal services were also taken down.
Fraud Losses Reached €4.5 Million in Austria Alone
The group’s fraudulent activities caused heavy financial damage across Europe. Austrian authorities reported at least €4.5 million in documented fraud losses linked to over 1,700 cybercrime cases. Latvia identified nearly 1,500 cases and €420,000 in related losses. CyberScoop places equivalent losses at roughly $5.3 million in Austria and $490,000 in Latvia.
According to Europol, “The true scale of this network is still being uncovered.” More than 49 million online accounts were allegedly created using resources from the SIMCARTEL service, underscoring the widespread downstream impact of the group’s infrastructure.
Coordinated Law Enforcement Response Spanned Multiple Jurisdictions
The SIMCARTEL takedown involved law enforcement agencies from Austria, Estonia, and Latvia, with strategic coordination support from Europol and judicial support from Eurojust.
Assets Frozen and Vehicles Seized in Coordinated Raids
In the wake of the arrests, authorities froze €431,000 in cash across bank accounts, along with $333,000 stored in cryptocurrency wallets. Four luxury vehicles were also confiscated. Investigators described the operation as a model of coordinated response across borders and legal systems.
“Years of collaborative intelligence sharing and operational coordination yielded significant results,” noted Eurojust in a statement. The agency praised the seamless cross-border enforcement that led to the indictment and arrest of key players in this network.
Two Additional Arrests in a Parallel Operation on a Fraud Marketplace
In a related but separately conducted operation, German authorities—also supported by Europol—arrested two suspects and seized more than 50 servers linked to a fraud marketplace. The marketplace sold stolen digital identities, online banking credentials, and credit card data organized by account balance and region. These credentials were used in targeted phishing campaigns and fraudulent e-commerce outlets that harvested additional personal and financial data from victims.
Authorities seized over 200 terabytes of forensic evidence. While this operation was distinct from SIMCARTEL, its overlap in victims and infrastructure highlights the interconnected nature of cybercrime ecosystems in Europe.
Cybercrime-as-a-Service Models Enable Deep Systemic Reach
The SIMCARTEL network exemplified the rising trend of cybercrime-as-a-service—the bundling and commercialization of attack technologies, stolen data, and identity spoofing infrastructure for profit-driven criminal use.
Abuse of Mobile Networks Remains a Persistent Threat Vector
By offering telephone numbers associated with more than 80 countries, the SIMCARTEL service facilitated anonymity and scalability for threat actors. These capabilities allowed them to flood platforms with fake accounts and weaponize mobile-based phishing vectors. With smishing incidents continuing to rise across Europe, this takedown represents a significant but partial victory.
The seizure of websites and servers used for account creation and scam distribution also addresses a major vector for fraud proliferation on social media, digital marketplaces, and communication platforms. However, Europol has emphasized that much of the infrastructure may have already been replicated or resold for use in other operations.
Implications for Cybersecurity Leaders and Law Enforcement
The scale and versatility of the SIMCARTEL network offer several key takeaways for CISOs, SOC analysts, and cybercrime investigators:
- SIM box abuse is growing: Telecommunication infrastructure remains a critical yet under-policed attack surface. Detection and anti-abuse mechanisms must be strengthened at both endpoint and carrier levels.
- Account creation fraud is industrialized: With evidence of 49 million online accounts created through fraudulent phone numbers, platforms must combine telephony-based identity verification with behavioral and geo-intelligence signals.
- Cross-border coordination is effective: Joint operations between Europol, Eurojust, and national agencies demonstrate that collective frameworks can successfully dismantle vast schemes—if timely intelligence sharing is in place.
- Crypto tracing and seizures are increasing: Law enforcement’s freezing of cryptocurrency wallets signals improved capabilities in tracing digital financial trails.
With ongoing investigations and additional suspects likely still at large, Europol warns that “this is part of a wider ecosystem” requiring sustained preventive and enforcement actions. As the threat from cybercrime-as-a-service operations continues to evolve, the SIMCARTEL case serves as a stark reminder of the importance of vigilance across network, identity, and infrastructure layers.