In a sweeping takedown that shook Europe’s cybercriminal underworld, authorities have dismantled a massive “crime-as-a-service” operation that enabled thousands of frauds worldwide. The sting, codenamed “SIMCARTEL,” wasn’t your average cyber bust. Seven suspects—five Latvian nationals among them—now sit in custody after Europol, Eurojust and law enforcement from Austria, Estonia, and Latvia coordinated 26 searches on October 10, 2025.
What they found was staggering. Over 1,200 SIM box devices, 40,000 active SIM cards, and hundreds of thousands more waiting to be activated. These weren’t just phone accessories—they were fraud factories. The tech allowed criminals to route calls through multiple numbers, making them untraceable. Pretty clever, until it wasn’t.
Two websites—gogetsms.com and apisim.com—served as digital storefronts for this criminal enterprise, offering phone numbers from more than 80 countries. The operation involved the crucial technical support of Shadowserver Foundation in dismantling the digital infrastructure. Now they display something less helpful to crooks: law enforcement banners. Tough break.
From digital storefronts to digital prison cells—these criminal websites now flash law enforcement warnings instead of selling fraud tools.
The damage was substantial. More than 3,200 fraud cases linked to this infrastructure, including phishing, investment scams, and extortion. Victims lost at least €5 million—€4.5 million in Austria alone. Because nothing says “legitimate caller” like a local number that’s actually run by a fraudster in another country.
Beyond the arrests, authorities seized €431,000 from bank accounts, froze $333,000 in cryptocurrency, and confiscated four luxury vehicles. Crime paid well—until it didn’t.
The network’s reach extended beyond financial fraud. It enabled migrant smuggling and distribution of child sexual abuse material. The service had created nearly 50 million fake online accounts. That’s not just a crime problem—it’s an internet credibility crisis. This operation exemplifies the growing division of labor in cybercrime, where specialists provide infrastructure rather than committing fraud directly.
This takedown represents a significant blow to Europe’s cybercrime ecosystem. Five servers and two key websites are now offline, effectively cutting off a major resource for fraudsters worldwide. For criminals relying on this infrastructure, the message is clear: your service has been disconnected.
