A large-scale MIT operation against a cyber espionage network using fake base stations

The large-scale MIT operation against the cyber espionage network

In a wide-ranging operation, a network comprising 7 foreign nationals who used fake base stations (Fake BTS) to spy on and defraud users was dismantled. This group, which utilized Chinese-made equipment, was active in Istanbul, Izmir, Bursa, and Yalova.

Details of the operation

The investigation began after citizens reported receiving fraudulent SMS messages. These messages, which impersonated government agencies and reputable companies, contained payment requests. Technical analysis confirmed that the messages were sent via fake base stations.

The criminals’ modus operandi

The group operated under the leadership of an individual codenamed “Petron,” with members organized into three separate teams. They intercepted telecom signals using specialized devices and collected user data by impersonating mobile operators. This data was transferred to servers in China and used for targeted phishing attacks.

Arrests and confiscation of equipment

In a joint operation by MIT, police, and the Istanbul Prosecutor’s Office, suspects were apprehended while operating in rented vehicles. Additionally, a Chinese merchant supplying technical equipment to the network was detained. Investigations revealed the suspects entered Turkey in March 2025 using fake identities to obtain mobile phone lines.

The investigation is expanding

Authorities are investigating the import route of the devices used and the international connections of this network. The seized equipment has been sent to specialized laboratories for forensic examination.

This operation once again highlights the importance of vigilance against unknown messages and unexpected payment requests.