National Intelligence Organization (MIT), as a result of technical follow -up in Istanbul, a group of foreign nationals using a fake base station revealed. It was found that these groups sent messages to citizens’ mobile phones as if they came from a public institution or private company. Payment requests were included in these messages and data were collected from each device. It was seen that a corporate language was used in the content of the messages. The aim was to deceive buyers and obtain financial and identity information.
The suspects made similar initiatives by establishing fake base stations in İzmir, Bursa and Yalova as well as Istanbul. The devices connected the user phones to their networks. Thus, both a message was sent and communication traffic could be followed. In the investigations, the devices were determined to have Chinese origin. The moments that users connected were identified and the data flow was recorded.
Research, suspects using rental vehicles to move between cities continuously revealed. It was learned that they opened their GSM lines on behalf of different people and tried to hide their identity in this way. MIT, fake -content messages after intense complaints launched technical analysis. The data obtained showed that fake base stations are in active use. Although the events seemed to be independent of each other, it was understood that it carried a systematic network structure.
Chinese -made devices with the suspects identified fraud throughout Türkiye was caught red -handed suspects
In the center of this technical system, there is a person named “Patron”. It was determined that this person directed three different groups. Each group operates in different cities using the same methods. These people have collected communication data through devices and transferred them to servers abroad. It is considered that the data sent is processed through a Chinese -based system.
With the data obtained, targeted oppression attacks on citizens were organized. Some users responded to these messages, credit card information entered into the system was found. Fraud attempts reportedly caused financial losses. MIT, which moves simultaneously with the Istanbul Police Department, caught the suspects in the vehicles with the operation. Devices and digital materials were confiscated.
Another detail that draws attention in the investigation is that the suspects entered Türkiye in March 2025. It was learned that these people provided a GSM line on a different person shortly after coming. These lines were later associated with fake base stations. So the system has been activated within a few days. How the devices are inserted into the country is not yet clear.
Within the scope of the operation in Istanbul, the resources in which the devices were supplied were also investigated. It was understood that these equipment was provided from the workplace that sells electronic products of a Chinese person. This person was also detained. The technical characteristics of the equipment were sent for criminal examination. Thus, the working principles of the devices can be examined in more detail.
Customs entry-exit data were also included in the investigation. It is investigated how the technical equipment used passes through the border gates. MIT focuses on the possibility that these devices brought from abroad may have been imported illegally. The investigation continues in a multi -faceted way. All connections are meticulously examined.
The suspects use technological methods when targeting citizens, but in turn, it is seen that the security units were deciphered in a short time with the coordinated work. In particular, such attacks, which target GSM infrastructure, create sensitivity for digital security. It is emphasized that mobile communication users should be conscious. No information should be shared without confirming the content and source of messages.
This incident in the field of cyber security was neutralized not only by technical follow -up, but also by operations carried out on the field. MIT, working in cooperation with the security units, ending the activities of the suspects. Digital data seized after the operation can also reveal other connections of the network. In the light of new information, the scope of the investigation may expand further.