The European law enforcement agency Europol has dismantled a SIM farm operation in a coordinated operation codenamed SIMCARTEL.
The cybercrime-as-a-service (CaaS) operation involved more than 1,200 SIM-box devices with 40,000 SIM cards registered in over 80 countries. The SIM cards were rented to individuals to create and verify millions of fake online accounts to commit cybercrime while hiding their actual locations.
“It allowed perpetrators to set up fake accounts for social media and communications platforms, which were subsequently used in cybercrimes while obscuring the perpetrators’ true identity and location,” Europol explained.
SIM farm linked to millions in losses
The cybercrime network was involved in more than 3,200 fraud cases, costing victims more than €4.5 million ($5.3 million) in losses in Austria and €420,000 ($490,000) in Latvia.
During the operation, police performed 26 searches in the two countries and Estonia, and arrested seven suspects in Latvia, including five nationals.
Five servers, which ran the sophisticated cybercrime infrastructure and two websites gogetsms[.]com and apisim[.]com, which offered the illegal services, were also seized and now display law enforcement splash pages.
Four luxury vehicles were also seized, and over €431,000 ($500,000) in cash and $333,000 in cryptocurrency were frozen in the suspect’s bank accounts and crypto wallets, respectively.
Meanwhile, the scope and impact of the illegal SIM farm operation are still under investigation, suggesting that the law enforcement action only uncovered the tip of the iceberg.
“The true scale of this network is still being uncovered. Measured by volume, more than 49 million online accounts were created on the basis of the illegal service provided by suspects. The damage caused by the renters of the telephone numbers to their victims amounts to several million euros,” Europol said.
SIM farm operation involved in various crimes
The SIM farm operation was responsible for various crimes, including extortion, fraud, phishing, smishing, investment fraud, and operating fake online shops and fake banking websites.
Other serious crimes included migrant smuggling, distribution of child sexual abuse material (CSAM), impersonation of law enforcement officers with fake badges, and daughter-son scams involving emergency money requests via WhatsApp.
“This type of perpetrators contacts victims via WhatsApp, posing as a daughter or son and claiming to have a new phone number,” Europol explained. “Citing alleged spontaneous accidents or emergencies and evoking panic with the victim, they demand urgent payments usually in the four-figure range.”
However, the list of crimes is far from exhaustive, and one of the suspects detained was under investigation in Estonia for arson and extortion.
“This case highlights how easily identity abuse can ripple across digital ecosystems when telecom infrastructure isn’t closely monitored,” said Steve Cobb, Chief Information Security Officer at SecurityScorecard. “The ability to weaponize SIM cards at scale, create fake accounts, spread misinformation, and enable fraud, exposes systemic gaps in verification and oversight.
Europol collaborated with the Shadowserver Foundation in taking down the SIM farm operation. Eurojust and law enforcement agencies from Austria, Estonia, Finland, and Latvia, also participated in the operation, which took place on October 10, 2025, in the country.
“Without coordinated monitoring and stronger safeguards across sectors, attackers will continue exploiting blind spots in identity systems to conceal their operations and evade detection,” Cobb added.
Meanwhile, SIMCARTEL is the second law enforcement operation to take down a large-scale SIM farm operation. In September 2025, U.S. authorities dismantled a SIM farm operation in New York involving more than 300 servers and 100,000 active SIM cards. The cybercrime infrastructure targeted the United Nations General Assembly during Trump’s speech.
