Authorities take down network of SIM card hackers after attacking hundreds of celebrities and athletes

As a result of an international police operation organized by Europol, 8 individuals accused of deploying multiple SIM swap attacks against celebrities in the United States were arrested. This criminal group attacked thousands of victims over the past year, including social media influencers, athletes and musicians, making a profit of more than $100 million USD in cryptocurrency with illegitimate access to compromised devices.

This operation was carried out for more than a year in countries such as the United States, the United Kingdom, Belgium, Malta and Canada, with the coordination of Europol.

Researchers discovered how to operate this criminal network, made up of at least a dozen threat actors working to access victims’ phone numbers to take control of their apps and even change their passwords. The ultimate goal of the attack was to compromise bank accounts, extort victims and steal confidential files, as well as hijack victims’ social media accounts to post malicious content.

The SIM swap attack is a very common hacking technique that has also been on the rise for the most recent months, according to the European police agency. In this attack threat actors take control of a victim’s phone number by disabling their SIM and transferring the number assigned to a SIM card under their control. This attack depends entirely on deceiving phone service operators, posing as victims through social engineering campaigns.  

According to the reports, the Europol European Cybercrime Centre was of great help during this activity, providing support in activities such as:

  • Organization of operational meetings for the coordination of international activities
  • Facilitation of the exchange of information between all agencies participating in the investigation
  • Field support for the creation of a Virtual Command Post, which provided researchers with a secure and real-time exchange of analytical information and support

Authorities warn that this is not a type of attack targeting only high-profile targets, but that anyone can be a victim. To protect against these malicious campaigns, mobile security experts recommend considering the following recommendations:

  • Keep the software of all your connected devices up to date
  • Completely ignore any suspicious-looking emails and not answer phone calls from unknown numbers
  • Share as little personal information as possible online
  • Use additional security mechanisms, such as two-factor authentication, biometric records, or security tokens

To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.