The discovery of an extensive SIM-box infrastructure in New York City represents a profound counterintelligence concern, not only because of the physical scale of the operation but also because of its timing and location. To appreciate the significance of this event, it is necessary to place it within a broader historical and operational context. Telecommunications networks have long been exploited by both state and non-state actors for covert communication, financial crime, and disruptive activity. The integration of criminal infrastructure with national security objectives has become an increasingly visible feature of modern gray-zone conflict, particularly since the end of the Cold War, when adversaries began to weaponize civilian technologies in pursuit of deniable influence and disruption.
The use of “SIM farms,” or large-scale collections of SIM cards and servers designed to mimic ordinary cellular activity, is not new. Organized crime syndicates have leveraged them for spam, smishing, and financial fraud. North Korean operatives, for instance, have been linked to telephony-based fraud networks generating illicit revenue through scams and premium call-routing schemes. Russian-speaking cybercriminal groups have deployed SIM-boxes to mask identity and coordinate across borders while shielding themselves from law enforcement scrutiny. Iran’s cyber units, sometimes acting through cutouts, have also integrated telecommunications manipulation into campaigns targeting U.S. and allied interests. In each of these cases, the common thread is deniability, i.e., the ability to use civilian infrastructure for state-directed purposes while maintaining the outward appearance of ordinary criminality.
Could this operation have been ENTIRELY non-aligned national or transnational criminal activity? Yes. “Thirty-five miles” from the U.N. would not be my choice of placement if the U.N. and the persons attending U.N. activities were my intended targets. Given the density of base station coverage in NYC, I would have opted for a post closer to both U.N. facilities and where attendees lay their heads. For the purpose of this piece, I’ll pretend that the operation was state-sponsored AND I’ll go with the premise that the discovered location was not an additional, perhaps secondary station in a chain. Of course, that might be exactly what adversarial FIS would want us to believe, i.e., “deniability” as I stated before.
Against this backdrop, the September 2025 discovery by the Secret Service of more than three hundred SIM servers and roughly one hundred thousand SIM cards clustered within a thirty-five-mile radius of the United Nations headquarters carries heightened significance. The seizure occurred during the opening of the United Nations General Assembly, a moment when global leaders converge in New York for high-level diplomacy (United States Secret Service, 2025). Official statements emphasized that the network could have enabled mass voice and text traffic, both for anonymized communications between foreign actors and potentially for the disruption of local telecommunications infrastructure (CNN, 2025; Associated Press, 2025).
The scale of this infrastructure and its deliberate placement near the United Nations point to a strategic rather than merely criminal purpose. Analysts cited by PBS noted that a SIM farm of this size could flood telecommunications systems, causing cascading outages (PBS, 2025). While some technical experts caution that U.S. carriers have robust mitigation tools that could blunt such an impact, even localized or temporary disruptions during a global diplomatic gathering would have significant psychological and operational consequences (Commsrisk, 2025). The purpose may not have been to permanently collapse networks but rather to create contingency leverage: a latent capacity to distract, delay, or obscure other operations should a geopolitical crisis erupt during the summit.
The Secret Service has publicly confirmed that communications occurred between “nation-state threat actors and individuals known to federal law enforcement,” yet no official attribution has been made (United States Secret Service, 2025). For counterintelligence professionals, the patterns of tradecraft and the geopolitical context allow for reasoned analytic judgments. The operation fits squarely within the framework of hybrid tactics employed by Russia. Moscow has repeatedly demonstrated a willingness to blend criminal infrastructure with state-directed activity. It has relied on criminal intermediaries to support disinformation campaigns, cyber operations, and telephony-based harassment. The combination of scale, timing, and proximity to the United Nations strongly suggests a Russian operational signature. This discovery mirrors previous instances in which Russia has leveraged technically noisy, deniable assets to signal capability and project disruption potential at politically symbolic moments.
Iran also emerges as a credible suspect. Tehran has a well-documented history of asymmetric operations designed to sow disruption in Western capitals. Its intelligence services have previously partnered with non-state intermediaries to extend operational reach while maintaining plausible deniability. A SIM-box farm designed to threaten disruption of cellular networks during the United Nations General Assembly would be consistent with Iran’s asymmetric doctrine. However, Iran’s pattern of activity has traditionally emphasized cyber intrusions, targeted influence operations, and physical proxy activity, rather than large-scale telecommunications disruption.
The DPRK must also be considered. Pyongyang has long relied on illicit telecommunications infrastructures for revenue generation and covert activity. SIM farms have been documented as part of North Korea’s financial crime toolkit. Yet in this case, the strategic signaling implied by targeting the United Nations makes North Korea a less likely culprit, given its usual focus on revenue production rather than international diplomatic disruption.
The PRC possesses the capability to construct such infrastructure, but the risk-reward calculus makes Beijing an improbable sponsor. China’s intelligence services favor long-term, quiet, persistent access operations, usually in the cyber and human collection domains. Deploying a conspicuous SIM-box network during the United Nations General Assembly would carry a high probability of exposure and diplomatic fallout, outcomes that run counter to China’s operational culture of avoiding overt disruption at politically sensitive junctures.
All things considered, I feel that the evidence points more persuasively toward Russian FIS as the primary sponsor, with Iran as a new second. Russia’s historical reliance on hybrid criminal-state operations, its willingness to employ disruptive signaling tactics, and its long record of targeting politically symbolic events align with the discovery in New York. Iran shares some of these characteristics but lacks the established track record of telephony-based disruption at this scale. North Korea and China are less consistent with the observed tradecraft and geopolitical logic.
The discovery of the New York SIM farm underscores two enduring counterintelligence lessons. Adversarial FISs increasingly exploit civilian infrastructure, particularly in telecommunications, to build deniable operational capacity. The integration of criminal and state networks is no longer exceptional but rather a normalized feature of nation-state competition. From a defensive/countermeasures perspective, this event highlights the need for closer alignment between federal law enforcement, telecommunications providers, and allied intelligence partners. To our enemies, the attraction of SIM farms lies not only in their covert utility but also in their symbolic power, i.e., the ability to show that civilian networks can be weaponized against the United States at moments of significant diplomatic importance.
References
Associated Press. (2025, September 27). U.S. Secret Service dismantles imminent telecommunications threat in New York. AP News. https://apnews.com/article/unga-threat-telecom-service-sim-93734f76578bc9ca22d93a8e91fd9c76
CNN. (2025, September 27). Secret Service investigates massive network near UN. CNN. https://www.cnn.com/2025/09/27/us/nyc-network-secret-service-investigation
Commsrisk. (2025, September 24). U.S. Secret Service finds 300 SIM boxes in New York. Commsrisk. https://commsrisk.com/us-secret-service-finds-300-simboxes-in-new-york
PBS. (2025, September 24). How SIM farms like the one found near the UN could collapse telecom networks. PBS NewsHour. https://www.pbs.org/newshour/nation/how-sim-farms-like-the-one-found-near-the-un-could-collapse-telecom-networks
United States Secret Service. (2025, September 27). U.S. Secret Service dismantles imminent telecommunications threat in New York. United States Secret Service. https://www.secretservice.gov/newsroom/releases/2025/09/us-secret-service-dismantles-imminent-telecommunications-threat-new-york