In a simultaneous Istanbul-centered operation against an organized cybercrime group that defrauded citizens using the names of the National Intelligence Organization (MIT), the Post and Telegraph Organization (PTT), and the Fast Pass System (HGS), 10 people were arrested.
As part of the investigation conducted by the Istanbul Anatolian Chief Public Prosecutor’s Office, a joint operation was carried out by MIT, the Financial Crimes Investigation Board (MASAK), and the General Command of the Gendarmerie. Members of the organized cybercrime group who defrauded citizens using the names of PTT and HGS were apprehended. Out of 12 suspects detained, 10 were arrested and sent to prison.
Intelligence gathered by MIT revealed that the suspects installed malicious software on mobile devices running the Android operating system. Through these malicious programs, the perpetrators gained full control over the devices and sent fake SMS messages such as “You have an HGS debt” and “You have an undelivered PTT cargo” to third parties without the knowledge of the device owners.
Citizens were then directed to fake websites via the links in these messages, where their credit card information was stolen. The suspects’ activities were tracked and exposed step by step over a 6-month period.
During this process, numerous bank and cryptocurrency accounts were examined by MASAK. Technical and physical surveillance uncovered the structure, connections, and methods used by the organization.
It was determined that the cybercrime group was coordinated through affiliates in Georgia, with operations directed via Telegram channels. The proceeds obtained through these channels were laundered via international transfers and converted into cryptocurrency. Based on MIT intelligence, efforts were initiated to locate and apprehend these contacts in Georgia.
Simultaneous operations targeting the suspects were carried out in Istanbul, Izmir, Van, Elazığ, Bingöl, and Hakkari. A total of 12 suspects were apprehended during these dawn raids, with 10 being arrested and 2 released.
During the operations, authorities seized numerous digital materials, cryptocurrency wallets, cash, and foreign currency.
As a result of the operation, 318 websites identified as being used for phishing attacks and fraudulent activities were seized and shut down.
Additionally, a special control panel used by the cybercrime group to manage the malicious software installed on mobile phones was seized. Through this panel, the phones were fully controlled, SMS messages could be sent without the user’s knowledge, incoming and outgoing calls could be redirected, and the device’s camera and screen could be monitored remotely. Real-time location tracking was also possible.
The software also recorded keystrokes, transmitting highly sensitive information such as passwords and one-time verification codes to the attackers. This revealed that the attacks were not only financially motivated but also involved real-time tracking, blackmail using camera images, and the theft of thousands of citizens’ credit card details. The activities were coordinated through the organization’s overseas affiliates and were also found to be used for espionage purposes.
MIT continues to use all its capabilities and resources decisively to prevent citizens from falling victim to cyber fraud.
Authorities emphasized that cybercrime groups pose a serious threat to citizens’ financial security, and the coordinated efforts of all state institutions to combat this threat will continue without interruption. Citizens are strongly reminded not to download applications from untrusted sources, not to click on unknown links, and to carry out transactions only through official channels.