Secret Service Stops Major NYC Cell Network Attack

In September 2025, the US Secret Service announced the successful dismantling of a sprawling network of SIM servers and SIM cards across the New York tristate area.

Officials described the network as an “imminent threat” to senior US government officials and protective operations, given its proximity to the United Nations (U.N.) General Assembly, which was underway at the time.

According to Special Agent in Charge Matt McCool, the network had “the potential to disable cell phone towers and essentially shut down the cellular network in New York City.”

Discovery and seizure

The protective intelligence investigation uncovered more than 300 SIM servers—also known as SIM banks—and over 100,000 SIM cards distributed across multiple abandoned sites. 

Investigators revealed that the infrastructure could have been used to disable cell phone towers, launch denial-of-service (DoS) attacks, and enable encrypted communications for hostile actors. 

Officials estimated the servers were powerful enough to send up to 30 million text messages per minute, potentially overwhelming cellular networks and crippling emergency communications systems.

The equipment’s strategic location, within 35 miles of the U.N. General Assembly in New York City, heightened concerns about its potential impact. 

Capabilities and threats

SIM server farms are designed to manage thousands of SIM cards at once, automating cellular activities such as caller ID spoofing and routing communications through untraceable numbers. 

In this case, investigators suggested the network’s capabilities extended far beyond nuisance operations. Officials warned it could have triggered widespread disruption by creating a communications blackout, interrupting emergency services, or facilitating anonymous telephonic threats against high-profile individuals.

The forensics investigation has already indicated connections between the seized infrastructure, nation-state actors, drug cartels, and other organized crime groups.  

National security implications

The scale and sophistication of the network underscored its potential to undermine national security. According to Secret Service Director Sean Curran, “The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated.” 

Officials noted that the timing and placement of the network raised alarms about the possibility of state-sponsored campaigns aimed at destabilizing U.S. communications during globally significant events.

Investigators also discovered 80 grams of cocaine, illegal firearms, computers, and mobile devices at some of the sites, reinforcing the criminal dimension of the operation. While there have been no arrests to date, officials stated that arrests “could come down the road” and emphasized their intent to track those responsible.

The role of the advanced threat interdiction unit

This investigation was spearheaded by the Secret Service’s newly formed Advanced Threat Interdiction Unit, which is dedicated to identifying and neutralizing the most imminent threats to its protectees. 

The case also involved close collaboration with Homeland Security Investigations, the Department of Justice, the Office of the Director of National Intelligence, and the New York Police Department, among other partners.

Authorities stressed that the dismantling of this network does not eliminate the possibility of other, similar systems operating elsewhere in the United States.  

Broader lessons

The seizure highlights growing risks to telecommunications infrastructure, which serves as a backbone for public safety, financial systems, and government operations. A successful attack of this scale could have disrupted not only emergency dispatch services but also everyday connectivity in one of the nation’s most critical metropolitan areas.

Beyond the immediate threat, it illustrates how communications technologies can be repurposed for malicious intent on a scale capable of endangering both national security and public trust.

The Secret Service’s takedown of over 300 SIM servers and 100,000 SIM cards was a decisive move to prevent what could have been a catastrophic disruption of New York City’s telecommunications network during a high-profile international event. 

While the immediate threat has been neutralized, the case serves as a stark reminder of the vulnerabilities embedded in critical infrastructure and the importance of vigilance, coordination, and rapid response in defending against evolving threats.

For cybersecurity leaders and policymakers, the incident underscores the need for proactive monitoring of telecom infrastructure, closer public-private collaboration, and heightened vigilance against state-sponsored campaigns.