
Largest Cyberattack on Mobile Phone Infrastructure in U.S. History
U.S. Secret Service Dismantles Imminent Telecommunications Threat in New York Tristate Area
Primary Category: News / Crimes & Criminals
Authors:
• SCARS Editorial Team – Society of Citizens Against Relationship Scams Inc.
• Portions by United States Secret Service
About This Article
The U.S. Secret Service disrupted an imminent telecommunications threat in the New York tristate area by seizing a dispersed network of more than 300 SIM servers and 100,000 SIM cards used to place anonymous threats against senior U.S. officials. Investigators say the hardware could disable cell towers, enable denial of service attacks, and provide encrypted channels for criminal or nation-state actors. Early analysis points to contacts between foreign operatives and individuals already known to federal authorities. Devices were clustered within 35 miles of the United Nations General Assembly, prompting urgent action. The Advanced Threat Interdiction Unit is leading the ongoing probe with support from DHS, DOJ, ODNI, NYPD, and local partners.

U.S. Secret Service Dismantles Imminent Mobile Phone Cyberattack & Telecommunications Threat in New York Tristate Area
On September 23rd, 2025, the U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials, which represented an imminent threat to the agency’s protective operations.
This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites.
In addition to carrying out anonymous telephonic threats, these devices could be used to conduct a wide range of telecommunications attacks. This includes disabling cell phone towers, enabling denial of services attacks, and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises.
While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
“The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated,” said U.S. Secret Service Director Sean Curran. “The U.S. Secret Service’s protective mission is all about prevention, and this investigation makes it clear to potential bad actors that imminent threats to our protectees will be immediately investigated, tracked down and dismantled.”
These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location, and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network. The U.S. Secret Service’s Advanced Threat Interdiction Unit, a new section of the agency dedicated to disrupting the most significant and imminent threats to our protectees, is conducting this investigation. This investigation is currently ongoing.
The Department of Homeland Security’s Homeland Security Investigations, the Department of Justice, the Office of the Director of National Intelligence and the NYPD, as well as other state and local law enforcement partners, provided valuable technical advice and assistance in support of this investigation.
This is an ongoing investigation.

Glossary
- Advanced Threat Interdiction Unit — This unit is a specialized section of the U.S. Secret Service that disrupts significant, imminent threats to protected persons. It conducts fast-moving operations, coordinates with partners, and removes devices or networks that could endanger public safety.
- Anonymous Telephonic Threat — This threat involves phone calls or messages that hide the caller’s identity while delivering intimidation or demands. Criminals often route calls through layered devices, which makes tracing harder, and increases fear and confusion.
- Botnet-Enabled Phone Network — This network links many compromised or criminally controlled devices to act together for malicious goals. It can flood systems, mask origins, and coordinate attacks across wide areas.
- Call Detail Records (CDRs) — These records log when, where, and how a phone call or text occurred. Investigators analyze CDRs to map contacts, timelines, and travel patterns that can link devices to suspects.
- Cell Tower Disruption — This disruption interferes with the normal operation of wireless base stations that connect mobile phones. Attackers can degrade service, drop calls, or block emergency communication across neighborhoods.
- Co-Located SIM Servers — These are groups of networked devices that host large numbers of active SIM cards in one place. They allow criminals to send calls or texts at scale, switch identities quickly, and conceal true origins.
- Command and Control (C2) Node — A C2 node directs malicious devices, issues instructions, and collects results. Disabling C2 nodes can break coordination, reduce harm, and expose the people behind an operation.
- Denial-of-Service (DoS) Attack — This attack overwhelms a network or service with traffic until legitimate users cannot connect. When aimed at phones or towers, it can block calls, texts, and critical alerts.
- Device Forensic Imaging — This process creates a verified, bit-by-bit copy of a device for safe analysis. It preserves evidence, protects chain of custody, and lets experts examine data without changing the original.
- Encrypted Communication — This method scrambles messages so only authorized parties can read them. Criminals misuse encryption to coordinate, but encryption also protects victims when used lawfully and responsibly.
- Evidence Preservation — This practice secures devices, data, and logs so they remain intact for court or investigations. Proper preservation supports justice, strengthens cases, and prevents contamination.
- Federal Protective Operations — These operations protect senior officials, visiting dignitaries, and designated events. The work includes advance planning, real-time threat monitoring, and rapid response to emerging risks.
- Geospatial Concentration Radius — This term describes the measured zone where devices or threats appear clustered. Analysts use it to assess risk near major events, critical sites, or population centers.
- Homeland Security Investigations (HSI) — HSI is a component of the Department of Homeland Security that investigates transnational crime. It supports cyber, financial, and technology cases through field offices and expert teams.
- Imminent Threat — An imminent threat presents a near-term risk that requires urgent action. Agencies prioritize speed, safety, and prevention when the window to act is short.
- International Mobile Equipment Identity (IMEI) — This is a unique identifier assigned to a physical mobile device. Investigators use IMEIs to track hardware, link seizures to suspects, and separate phones from SIM identities.
- International Mobile Subscriber Identity (IMSI) — This number identifies a subscriber on a mobile network through the SIM card. It ties usage to an account, which helps connect activity to networks of devices.
- Lawful Seizure — This is the legal taking of devices or data under court authority. It allows examiners to collect evidence, stop harm, and follow due process.
- Mobile Network Infrastructure — This infrastructure includes towers, base stations, switches, and core network elements that carry voice and data. Attacks on this layer can cause wide service loss and public safety risks.
- Nation-State Threat Actor — This actor operates with direction, support, or tolerance from a government. Such actors have resources, patience, and global reach, which complicates deterrence and response.
- Network Hardening — This practice strengthens systems to resist attack. It includes patching, segmentation, access controls, and monitoring that reduce the chance and impact of intrusions.
- NYPD Partnership Support — This support includes technical advice, logistics, and local enforcement assistance from the New York City Police Department. Strong city partnerships improve speed, coverage, and evidence handling.
- Office of the Director of National Intelligence (ODNI) — ODNI coordinates U.S. intelligence community activities. It helps align collection, analysis, and sharing when threats cross agencies and domains.
- Protective Intelligence — This discipline collects, assesses, and acts on information that signals danger to people or events. It blends threat indicators, open sources, and technical data to prevent harm.
- Proxy Routing — This routing bounces communications through multiple systems to hide the true source. It frustrates tracing, masks locations, and gives attackers time to operate.
- Seizure Warrant — A court-approved order authorizing the taking of devices, media, or records. Warrants define scope, timing, and items to ensure lawful collection.
- SIM Card Farming — This practice activates and manages large numbers of SIM cards to automate calls or texts. It enables identity swapping, evasion, and high-volume messaging for threats or fraud.
- SIM Server — A SIM server connects many SIM cards to telecommunication networks through software. It lets operators control calling, texting, and routing from a central point.
- Threat Deconfliction — This process ensures multiple agencies do not duplicate efforts or interfere with one another. Shared schedules, case notes, and contact points reduce risk and confusion.
- Threat Vector — A threat vector is the path or method used to carry out an attack. Knowing the vector helps defenders block access, monitor signals, and improve resilience.
- Tri-State Area (New York) — This region commonly refers to New York, New Jersey, and Connecticut. Dense population and critical infrastructure make the area a frequent focus for protection.
- United Nations General Assembly (UNGA) Security Perimeter — This perimeter is the layered zone of checkpoints, surveillance, and patrols around UN events. It expands during high-level meetings due to increased threat interest.
- S. Secret Service Protective Mission — This mission includes safeguarding protectees, securing sites, and stopping threats before they reach targets. Prevention, coordination, and technology form the core of this work.
- Volumetric Traffic Spike — This spike is a sudden swell of calls, texts, or data designed to overwhelm systems. Analysts look for abnormal patterns to catch attacks early, and operators throttle traffic to protect service.
Please Rate This Article
Please Leave Us Your Comment
Also, tell us of any topics we might have missed.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment above!
ARTICLE RATING
TABLE OF CONTENTS
- U.S. Secret Service Dismantles Imminent Telecommunications Threat in New York Tristate Area
- U.S. Secret Service Dismantles Imminent Mobile Phone Cyberattack & Telecommunications Threat in New York Tristate Area
- Photo Gallery
- Glossary
- SCARS Institute™ ScamsNOW Magazine
Society of Citizens Against Relationship Scams Inc. [SCARS]
CATEGORIES
RELATED ARTICLES
U.S. & Canada Suicide Lifeline 988
![NavyLogo@4x-81[1] Largest Cyberattack on Mobile Phone Infrastructure in U.S. History - 2025](https://scamsnow.com/wp-content/uploads/2025/04/NavyLogo@4x-811.png)
ARTICLE META
See Comments for this Article at the Bottom of the Page
Important Information for New Scam Victims
Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
SCARS Institute now offers a free recovery program at www.SCARSeducation.org
Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors, please visit counseling.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and not to blame themselves, better develop recovery programs, and help victims avoid scams in the future. At times, this may sound like blaming the victim, but it does not blame scam victims; we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens, and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
SCARS INSTITUTE RESOURCES:
If You Have Been Victimized By A Scam Or Cybercrime
♦ If you are a victim of scams, go to www.ScamVictimsSupport.org for real knowledge and help
♦ Enroll in SCARS Scam Survivor’s School now at www.SCARSeducation.org
♦ To report criminals, visit https://reporting.AgainstScams.org – we will NEVER give your data to money recovery companies like some do!
♦ Follow us and find our podcasts, webinars, and helpful videos on YouTube: https://www.youtube.com/@RomancescamsNowcom
♦ Learn about the Psychology of Scams at www.ScamPsychology.org
♦ Dig deeper into the reality of scams, fraud, and cybercrime at www.ScamsNOW.com and www.RomanceScamsNOW.com
♦ Scam Survivor’s Stories: www.ScamSurvivorStories.org
♦ For Scam Victim Advocates visit www.ScamVictimsAdvocates.org
♦ See more scammer photos on www.ScammerPhotos.com
You can also find the SCARS Institute on Facebook, Instagram, X, LinkedIn, and TruthSocial
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this and other SCARS articles are intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
Note about Mindfulness: Mindfulness practices have the potential to create psychological distress for some individuals. Please consult a mental health professional or experienced meditation instructor for guidance should you encounter difficulties.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here
If you are in crisis, feeling desperate, or in despair, please call 988 or your local crisis hotline.
More ScamsNOW.com Articles
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish. Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors’ experience. You can do Google searches, but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Leave a Reply