Europol takedown highlights the scale of cybercrime-as-a-service providers
What happened
In October 2025, Europol and partners arrested a small group of Latvian cybercriminals and seized infrastructure used to enable scams against thousands of victims across Europe.
The Latvian police shared this footage of the operation:
Why it’s interesting
The suspects are not scammers themselves — they are middleman “cybercrime-as-a-service” providers who sell illicit technology services to scammers and other shady actors. This tiny group of people enabled a massive amount of crime.
Let’s look at the numbers:
7 suspects arrested
1200 SIM box devices + 40,000 active SIM cards (used for sending automated phone calls and text messages) found in a small office in Latvia
hundreds of thousands of additional SIM cards seized later
this small criminal enterprise is linked to over 3200 individual cyber fraud cases, with a total loss of several million euros
49 million online accounts were created using the illegal service provided by the suspects
This is the home page of one of the websites owned by the accused as it appeared prior to the takedown. Because it’s not obvious that businesses like this are facilitating crime (and there are some legitimate use cases for their services) they are able to operate in the open.
As encouraging as it is that this site was dismantled, there’s a whole ecosystem of shady websites advertising services just like this one. When one site is taken down, others appear to replace it.
Worth reading:
Some excerpts from Europol’s press release
Operation takes down sophisticated criminal network that enabled criminals to commit serious crimes across Europe
An action day performed in Latvia on 10 October 2025 led to the arrest of five cybercriminals of Latvian nationality and the seizure of infrastructure used to enable crimes against thousands of victims across Europe.
During the operation codenamed ‘SIMCARTEL’, law enforcement arrested two further suspects, took down five servers and seized 1 200 SIM box devices alongside 40 000 active SIM cards. Investigators from Austria, Estonia and Latvia, together with their colleagues at Europol und Eurojust, were able to attribute to the criminal network more than 1 700 individual cyber fraud cases in Austria and 1 500 in Latvia, with a total loss of several million euros. The financial loss in Austria alone amounts to around EUR 4.5 million, as well as EUR 420 000 in Latvia.
The criminal network and its infrastructure were technically highly sophisticated and enabled perpetrators around the world to use this SIM-box service to conduct a wide range of telecommunications-related cybercrimes, as well as other crimes.
The online service created by the criminal network offered telephone numbers registered to people from over 80 countries for use in criminal activities. It allowed perpetrators to set up fake accounts for social media and communication platforms, which were subsequently used in cybercrimes while obscuring the perpetrators’ true identity and location.
Results of the action day:
26 searches carried out;
5 individuals arrested;
approximately 1200 SIM-box devices seized which operated 40 000 SIM cards;
hundreds of thousands of further SIM cards seized;
5 servers with infrastructure of the illegal service seized;
2 websites (gogetsms.com and apisim.com) offering the illegal service taken over by law enforcement and “splash pages” displayed;
EUR 431 000 in suspects’ bank accounts frozen;
USD 333 000 in suspects’ crypto accounts frozen;
4 luxury vehicles seized.
The true scale of this network is still being uncovered. Measured by volume, more than 49 million online accounts were created on basis of the illegal service provided by suspects. The damage caused by the renters of the telephone numbers to their victims amounts to several million euros.
Enabling a multitude of serious crimes
The criminal network offering this service enabled its clients to commit a multitude of serious crimes that would not have been possible at all without masking the perpetrators’ identities. ‘Phishing’ and ‘smishing’ are methods applied by criminals to gain access to victims’ e-mail and banking accounts.
Phishing is a cybercrime where attackers pose as trusted sources through emails, calls, texts, or websites to steal sensitive data like passwords, bank details or credit card numbers, often leading to identity theft, financial loss or malware infections.
Smishing is a subtype of phishing carried out via text messages, typically disguised as urgent notices from legitimate sources to trick victims into clicking malicious links or sharing personal information.
Other offences facilitated by this criminal service include fraud, extortion and migrant smuggling. Some examples-by no means an exhaustive list-of the criminal activities enabled by the network’s offerings are:
Fraud on online second-hand marketplaces
Some perpetrators specialised in fraud on second-hand marketplaces. They used the SIM card service to create a vast number of fake accounts, which then served as starting points for fraud enabled by phishing and smishing.
Daughter–son scam
This type of perpetrators contacts victims via WhatsApp, posing as a daughter or son and claiming to have a new phone number. Citing alleged spontaneous accidents or emergencies and evoking panic with the victim, they demand urgent payments usually in the four-figure range.
Investment fraud
Victims are usually contacted by telephone and encouraged to deposit larger sums and “invest.” The perpetrators often use remote-access software to gain access to the victim’s device.
Fake shops and fake bank websites
Rented telephone numbers of the perpetrators were also used in the legal notice and alleged responsible-party details of fake shops and in calls connected to fake bank pages.
Fake police officers
In this further large-scale phenomenon, the perpetrators used the telephone numbers to convince their mostly Russian-speaking victims of their legitimacy. This crime had an additional concerning element, as perpetrators posed as police officers with forged IDs and personally collected funds from the victims.
Criminal sophistication and technical ingenuity
The now-dismantled criminal network undertook great efforts to provide its criminal clients with the requested service. This included the professional design and appearance of its website, which was taken offline by law enforcement during the action day. There was also the massive organisational effort of multiple accomplices acquiring thousands of SIM cards in almost 80 countries worldwide to be rented to other criminal organisations. As a side note: one of the main suspects behind this now-dismantled criminal structure had already been under investigation in Estonia for arson and extortion.
