DIGITAL TERROR FROM ABROAD: 7 AMONG TWO ARRESTED FROM MOHALI IN CASE FIR NO. 305/25 U/S: 318(4) / 319(2)/61(2)/3(5) BNS, 66 IT ACT & 42 TELECOMMUNICATIONS ACT, PS: SPECIAL CELL

In one of the most alarming cybercrime investigations in recent years, the IFSO Unit, Special Cell, Delhi Police has dismantled a highly sophisticated international cyber fraud syndicate that weaponized fear, terrorism narratives, and cutting-edge telecom manipulation to extort innocent citizens across India.

Beginning September 2025, victims nationwide were subjected to phone calls from fraudsters impersonating officers of the Anti-Terrorist Squad (ATS), particularly from Uttar Pradesh. Citizens were falsely accused of links with terror attacks including Pahalgam and Delhi Blasts, warned of immediate arrest, and placed under so-called “digital arrest”—a psychological trap designed to force instant monetary transfers in the name of national security.

The scam’s sheer audacity—mixing terror allegations with law-enforcement impersonation—made it exceptionally dangerous, deeply traumatizing, and alarmingly effective.

Technical Sophistication & Challenges: From October 2025, the task of unravelling this syndicate was taken up by IFSO Unit. Initial investigations revealed that the gang was employing highly sophisticated telecom manipulation techniques to evade detection.

Key findings included: The calls were deliberately routed over low-frequency (2G) networks to avoid real-time location tracking. The criminals were operating SIMBOX systems, enabling them to mask international calls as domestic Indian numbers.These calls were originating from foreign countries, particularly Cambodia, and were routed into India through clandestine SIMBOX installations.

Further investigation revealed a disturbing technological escalation: The SIMBOX devices (notably of Quectel make) were being manipulated by overwriting and rotating IMEI numbers, making device identification extremely difficult. Advanced software was used to merge multiple SIMBOXes into a single virtual entity, dynamically rotating IMEIs and SIM numbers.

As a result, when call data records were analyzed, the same number appeared to originate from multiple cities within a single day, deliberately misleading investigators.

Breakthrough & Surveillance Operation

Recognizing the grave sensitivity of the matter, a special high-priority operation was launched. A dedicated team was immediately constituted under the supervision of ACP Vijay Gahlawat, led by Insp. Kuldeep Kumar, and comprising of Insp Satish, SI Amit Verma, SI Mahesh, SI Kapil Yaduvanshi, SI Ankit, ASI Surender Rathi, ASI Tek Chand, ASI (dvr.) Davinder Singh, HC Vikender, HC Deepak, HC Mohit, HC Karamvir, HC Giri Raj, HC. Darshan, HC Mohit, HC Sailesh Kumar, HC Monu Dagar, HC Manoj and Ct. Rakesh, CT Manish, CT Rohit Sirohi, Ct Ankit Malik, CT Tibin Thomas, CT Akhil, CT Ravinder, CT Surender, CT Veer Pratap, CT Pawan, CT Dinesh Dara, CT Aman Mishra, CT Shivam Tiwari, W/HC Priyanka, W/CT Sapna Yadav, W/Ct. Renu Kumari, Ct. (dvr.) Rakesh.

The operation was personally monitored and closely supervised by the undersigned, ensuring swift coordination and precise execution.

Despite these formidable obstacles, through persistent technical analysis and field intelligence, the IFSO Unit, Special Cell successfully narrowed down the first physical location of the SIMBOX operations to Goyla Dairy, Delhi.

A one-month-long covert surveillance operation confirmed the presence of 04 active locations with SIMBOX installations. A swift and decisive raid followed.

FIRST 02 ARRESTS: THE LOCAL OPERATORS (Operating from 05 different locations in Delhi (Goyla Dairy, Qutub Vihar, Deenpur, Shahabad Dairy)

Shashi Prasad (53) Resident of Qutub Vihar, Goyla Dairy, New Delhi Role: Physical custodian of Delhi SIMBOX setup

Parvinder Singh (38) Resident of Deenpur, DelhiRole: Active facilitator and maintenance handler of Delhi Setup. Both accused knowingly facilitated international cyber fraud operations targeting Indian citizens. Foreign Link & Taiwanese National Involvement

Further investigation revealed a significant international conspiracy angle. It was established that: The SIMBOX devices were supplied, installed, and technically configured exclusively by Taiwanese nationals.

Communication between Indian handlers and foreign conspirators was conducted via Telegram, using encrypted chats.

Forensic analysis of seized digital devices led to the identification of a Taiwanese national

TSUNG Chen Nationality: Taiwanese Age: 30 years Strategic Trap & Arrest of Foreign Conspirator (3rd Arrest)

In a calculated counter intelligence move, the investigating team intentionally initiated and sustained encrypted online conversations with the foreign handler, gradually gaining his confidence and manipulating him into believing that his illegal SIMBOX network in India remained fully operational and secure.

By overconfidence and unaware that every digital move was being closely monitored, the foreign conspirator walked straight into the trap laid.

On 21st December 2025, I-Tsung Chen, the Taiwanese man allegedly controlling the illegal SIMBOX infrastructure from abroad, was swiftly intercepted and arrested at the Delgi International Airport, marking a decisive breakthrough in the case.

During sustained interrogation and forensic examination of his digital devices, it was found Chen to be the principal operational backbone of the syndicate—responsible for illegally smuggling SIMBOX devices into India, deploying them across multiple locations, and ensuring their technical concealment to enable mass-scale cyber fraud targeting Indian citizens.

Further interrogation and intelligence analysis revealed that Chen was not acting alone. He emerged as a key operative of a larger Taiwan-based organized crime network, allegedly led by one gangster namely, Shang-Min Wu. As per disclosures, this transnational gang has a criminal history involving kidnapping for ransom, large-scale financial fraud, and sophisticated money-laundering operations, operating across multiple countries under the cover of cyber and telecom crime.

Further Investigation (Mohali, Punjab): (Operating from 02 Locations in Mohali)

During analysis of Delhi Setup, it was found that the Taiwan National I-TSung had also installed a SIMBOX set in Mohali, Punjab. The same was also identified and seized accordingly and 02 more persons were arrested. The details are as follows:

Mohali, Punjab Module (4th & 5th Arrest)

02 more arrests uncovered another SIMBOX hub:

Sarbdeep Singh (33) – B.Tech (Electronics), Jaspreet Kaur (28) – Diploma holder

Recoveries included: SIMBOX, laptops, passports, Cambodia employment cards.

Shocking revelation:

Both had worked in Cambodia-based scam centers, where they were recruited by a Pakistani handler who funded and directed SIMBOX installation in India. Chinese resource pool, Cambodia scam camps, Pakistani handlers & a grave national security alarm Interrogation of the accused has unveiled a disturbing transnational conspiracy that stretches far beyond routine cyber fraud. Both accused admitted to having previously worked inside organized scam centres operating in Cambodia, infamous for running industrial-scale cybercrime operations targeting victims across the globe.

It was during their stay in Cambodia that they allegedly came under the influence of a Pakistani national, who systematically recruited, radicalised, and redirected them into a deeper criminal role. Acting on his explicit instructions, the accused returned to India and established an illegal SIMBOX hub in Mohali, Punjab, designed to clandestinely route international scam calls into the Indian telecom network.

Investigators found that every critical resource for this operation—funding, SIMBOX devices, technical instructions, and operational guidance—was allegedly arranged and supplied by the Pakistani handler, indicating direct foreign sponsorship and control of the illegal setup on Indian soil.

More alarmingly, advanced forensic and technical analysis revealed that the syndicate was using Pakistani-origin IMEI numbers of Faywa Make to overwrite and mask the original identities of SIMBOX devices. This deliberate manipulation of telecom identifiers was aimed at evading lawful interception, defeating tracking mechanisms, and misleading security agencies, a tactic that significantly elevates the case from cyber fraud to a serious national-security concern.

Further Investigation Crypto Angle (Coimbatore): During analysis of Mohali Setup, it was found that the Cyber criminals are in process of installing a new SIMBOX setup in Coimbatore, Tamil Nadu. The same was also identified and seized accordingly and one more person was arrested.

Coimbatore Module (6th Arrest) Dinesh K– Diploma (Hotel Management) 

The crypto pipeline exposed: following the money across borders:

Interrogation of Dinesh has opened a crucial window into the financial angle of the international cyber fraud syndicate. Investigation revealed that he has been active in the cryptocurrency ecosystem since 2018.

Further raising serious red flags, Dinesh has undertaken multiple international travels to Vietnam, Thailand, Malaysia, and Cambodia—countries repeatedly flagged as operational and financial hubs for transnational cybercrime networks. It has been suspected he has undertaken these trips to coordinate directly with cryptocurrency exchanges, facilitators, and principal financial handlers of the syndicate for large-scale laundering of extorted funds.

Further Investigation (Mumbai): In the course of further investigation, it was found that cyber criminals have also installed a SIMBOX setup in Malad, Mumbai. After technical analysis, same was also identified and a team was sent and the setup was seized.

The details are as follows: Abdus Salam (33) (7th Arrest), Diploma in Civil Engineering , resident of Malad

The global command chain exposed: from Cambodia to China, via Pakistan & Nepal

Interrogation of the accused also brought to light an international command-and-control structure behind the “Digital Arrest” scam, revealing that the operation running on Indian soil was merely the last link in a multi-country syndicate.

The accused disclosed that he was in continuous contact with an individual who had earlier operated from Delhi and had masterminded 02 major illegal SIMBOX installations in Narela and Nihal Vihar, both of which were busted earlier in the year 2025. This Delhi-based operator is now believed to be part of a larger offshore syndicate, having shifted operational control outside India to evade law enforcement.

Mr. Vinit Kumar, IPS, DCP, IFSO, said, this case exposes a deeply entrenched international cybercrime syndicate, leveraging advanced telecom fraud, psychological manipulation, and cross-border coordination to exploit Indian citizens under the guise of national security threats. Further investigation is underway, focusing on: Identifying remaining domestic operatives and foreign conspirators Unravelling money-laundering trails, hawala routes, and crypto channels
Mapping the complete international architecture behind the SIMBOX ecosystem

It seems that this Nepal node acts as a buffer command centre, deliberately positioned to insulate the core conspirators from Indian jurisdiction—while still maintaining real-time control over SIMBOX installations inside the country.

Evidence collected in investigation has already established that:

Cambodia served as the training and recruitment ground, where operators were inducted inside scam centres. China nationals supplied and configured the SIMBOX hardware and technical architecture.Pakistan handler allegedly facilitated funding, IMEI manipulation, and identity masking techniques; and Nepal emerged as the current operational nerve centre, from where instructions were relayed to Indian ground operators.

Recoveries: 22 Sim boxes, 8 Mobile phones, 3 Laptop, 7 CCTV Cameras, 5 Routers, 3 Passports, 2 Employment Cards of Cambodia, 10 Indian SIMs, 120 Foreign Sims of China Mobile

A nationwide digital crime trail: thousands of victims, one shadow network

The true magnitude of this case became evident as investigators peeled back the digital layers of the syndicate. Forensic and technical analysis with the help of National Cyber Forensic Lab, NCFL(I), Dwarka revealed that more than 5000 compromised IMEI numbers and an astonishing number of around 20,000 SIM cards and mobile numbers were directly embedded within this single criminal module—forming a massive, covert telecom web operating beneath the surface of India’s communication networks.

With critical analytical support from the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, investigators cross-mapped these IMEIs and mobile numbers against national cybercrime databases. The results were staggering thousands of cybercrime complaints and registered cases from across the length and breadth of India were found to be linked to this very network.

From metro cities to small towns, thousands of victims whose defrauded amount is around 100 Cr. from multiple states had unknowingly been targeted through the same foreign-controlled SIMBOX infrastructure, subjected to fear-inducing calls invoking terror attacks, national security threats, and fake law-enforcement authority, and coerced into transferring hard-earned money under psychological duress.

Inter-agency synergy: the force multiplier behind the breakthrough

This landmark operation was made possible through exceptional inter-agency coordination and real-time institutional support. The IFSO Unit, Special Cell places on record its deep appreciation for the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, for their support.

Equally critical was the unwavering technical support extended by the Department of Telecommunications, which enabled rapid identification of manipulated telecom identifiers and unlawful network bypasses. The investigation was further strengthened by the proactive cooperation of BSES Rajdhani Power Limited (BRPL) and BSES Yamuna Power Limited (BYPL), whose timely assistance proved decisive in tracing clandestine installations and neutralizing the illegal setups.

This seamless collaboration between law enforcement, central agencies and critical infrastructure providers stands as a model of whole-of-government response to emerging cyber-enabled threats and reinforces India’s collective resolve to safeguard its digital security.

CURRENT STATUS: Mr. Vinit Kumar, IPS, DCP, IFSO, said, this case exposes a deeply entrenched international cybercrime syndicate, leveraging advanced telecom fraud, psychological manipulation, and cross-border coordination to exploit Indian citizens under the guise of national security threats. Further investigation is underway, focusing on: Identifying remaining domestic operatives and foreign conspirators Unravelling money-laundering trails, hawala routes, and crypto channels
Mapping the complete international architecture behind the SIMBOX ecosystem