Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Operation SIMCARTEL: 1,200 SIM boxes and 40,000 SIM cards stopped by Europol

18 October 2025 08:55

On October 10, 2025, Latvian authorities conducted a day of action that resulted in the arrest of five Latvian citizens suspected of running a large-scale cyber fraud network. The operation, dubbed SIMCARTEL, also involved joint investigative activities with Austria, Estonia, Europol, and Eurojust.

During the searches, investigators deactivated five servers linked to the illicit infrastructure and seized approximately 1,200 SIM-box devices along with 40,000 active SIM cards. Hundreds of thousands of additional SIM cards were also located and placed under surveillance. Two other suspects connected to the same network were arrested during the operation.

Law enforcement agencies attribute thousands of fraud incidents to the criminal organization: over 1,700 cases in Austria and approximately 1,500 in Latvia. The overall economic damage is estimated at several million euros, with losses put at approximately 4.5 million euros for Austria and 420,000 euros for Latvia.

https://www.youtube.com/watch?v=Z-ImysXws-0

Seizures and frozen financial resources

Reported operating results include:

  • 26 searches carried out;
  • 5 people arrested;
  • approximately 1,200 SIM-box devices managing 40,000 SIM cards were seized;
  • hundreds of thousands of additional SIM cards seized;
  • 5 servers with illegal service infrastructure seized;
  • Two websites (gogetsms.com and apisim.com) offering the illegal service were taken over by law enforcement and now display “splash pages”;
  • €431,000 frozen in suspects’ bank accounts;
  • $333,000 in suspects’ crypto accounts frozen;
  • Four luxury vehicles seized.

Investigative forces have highlighted that the extent of the network is still being ascertained: over 49 million online accounts are believed to have been created based on the illegal service offered by the suspects.

Operation and uses of the SIM-box service

According to investigators, the infrastructure was technically advanced and allowed criminal clients around the world to use phone numbers registered to users in over 80 countries. This mechanism facilitated the mass creation of fake accounts on social networks and communication platforms, concealing the real identities and locations of users.

The SIM-box service has been used to facilitate a wide range of telecommunications crimes, particularly phishing and smishing, which are used to steal credentials and gain access to email and bank accounts. Phishing involves scams via email, phone calls, or spoofed websites aimed at obtaining sensitive data (passwords, bank details, card numbers), while smishing is the SMS version designed to trick victims into clicking malicious links or providing confidential information.

In addition to these techniques, the network allegedly facilitated commercial fraud, extortion, migrant trafficking, and the distribution of child pornography. Documented uses also included scams on online flea markets, where fake accounts created through the service were used as a starting point for further fraud.

Contextualization and investigative perspectives

Authorities estimate that the damage inflicted on victims totals several million euros, and that the true extent of the illicit activities will require further investigation. Joint efforts with international partners aim to reconstruct the entire operational chain and trace the customers who purchased or used the service.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.