China-Linked SIM Farm Threat Triples in Size: 200,000 Additional Cards Discovered in New Jersey

Federal Investigation Reveals Threat Three Times Larger Than Initially Reported—Now Totaling 300,000 SIM Cards Across Six Locations
Bottom Line: Federal agents have discovered an additional 200,000 SIM cards at a New Jersey location, tripling the scale of the China-linked telecommunications threat first uncovered in New York. The expanded network—now totaling approximately 300,000 SIM cards across six sites—had the capability to send 30 million anonymous text messages per minute and posed an even greater threat to critical infrastructure than investigators initially realized.
Just days after the U.S. Secret Service announced the dismantling of a massive SIM farm network threatening New York City during the UN General Assembly, federal authorities have revealed that the China-linked operation was far more extensive than originally disclosed.
According to law enforcement sources who spoke with ABC News and CBS News, agents from Homeland Security Investigations (HSI) discovered an additional 200,000 SIM cards at a location in New Jersey this week—doubling the 100,000 SIM cards initially seized at five other vacant offices and apartments in the New York tri-state area.
The Expanding Scope of the Threat
The discovery brings the total seizure to approximately 300,000 SIM cards paired with over 300 servers, marking what officials now describe as a threat three times larger than the "largest telecommunications threat ever discovered on American soil."
The newly discovered cache represents a massive expansion of an already unprecedented threat. Combined with the initial findings detailed in our previous reporting on the Secret Service operation, the network's true capabilities are only now becoming clear to federal investigators.
"A thwarted plot to cripple the telecommunications system in New York was bigger than investigators first realized, adding to the urgency of their search for answers," law enforcement sources told ABC News.
Infrastructure Warfare Capabilities
The 200,000 additional SIM cards discovered in New Jersey sharply raise the threat assessment of the operation. Investigators believe the complete network had the capacity to:
- Send 30 million anonymous, encrypted text messages every minute—enough to message every cell phone in America in approximately 12 minutes
- Overwhelm and disable every cell tower in New York City through coordinated denial-of-service attacks
- Jam 911 emergency calls and disrupt critical emergency services including police, fire, and EMS dispatch
- Facilitate anonymous encrypted communications between foreign threat actors and criminal enterprises
- Conduct telecommunications blackouts at will across the nation's largest metropolitan area
"This wasn't just spam or harassment," one federal agent told ABC News. "This was infrastructure warfare."
Six Locations Across the Tri-State Area
The investigation has now identified at least six locations where the China-linked network had established operations:
- Five initial sites in New York tri-state area (as detailed in our original coverage)
  - Armonk, New York
  - Greenwich, Connecticut
  - Queens, New York
  - Locations in New Jersey
  - Additional undisclosed sites
- New Jersey location discovered this week
  - Contains 200,000 additional SIM cards
  - Doubling the originally reported cache
All sites were located within a 35-mile radius of United Nations headquarters in Manhattan—a strategic positioning that coincided with the presence of approximately 150 world leaders during the UN General Assembly in late September.
Nation-State Attribution and Criminal Networks
Federal investigators continue to assess the network's connections to Chinese state actors and transnational criminal organizations. As reported in our initial investigation, early analysis revealed:
- Nation-state involvement: Evidence of cellular communications between foreign governments and known criminals
- Organized crime connections: Links to drug cartels, including communications equipment found alongside 80 grams of cocaine
- Human trafficking networks: Coordination with known human trafficking operations
- Terrorist organizations: Encrypted messaging capabilities used by terror groups
Secret Service Special Agent in Charge Matt McCool previously stated that agents believe nation-state actors used the system to send encrypted messages to organized crime groups, cartels, and terrorist organizations. While authorities have not officially named China, multiple law enforcement sources have confirmed the network's links to Chinese threat actors.
Well-Funded, Professional Operation
The discovery of 200,000 additional SIM cards reinforces investigators' assessment that this was an exceptionally well-funded and professionally executed operation requiring significant resources:
- Multi-million dollar investment in hardware, servers, and SIM cards
- Sophisticated technical infrastructure spanning six locations
- Professional operational security maintaining secrecy despite the massive scale
- Strategic geographic positioning around high-value targets
- Long-term planning with evidence of capacity expansion beyond what was discovered
"This was well organized and well funded," officials stated in the original investigation. "This isn't a group of people in a basement playing a video game and trying to play a prank."
Timing and the UN General Assembly
The expanded threat assessment adds new urgency to questions about the network's intended activation timeline. The original investigation, detailed in our previous reporting, noted that the dismantling occurred just hours before President Donald Trump's address to the UN General Assembly.
The discovery of 200,000 additional SIM cards suggests the operation may have been planning an even larger disruption than initially feared. Had the network been activated during the UN General Assembly with world leaders present, the chaos could have been catastrophic:
- Disruption of Secret Service protective communications
- Jamming of emergency services during a high-profile international event
- Potential coordination with physical attacks or other threats
- Mass panic and confusion in the nation's largest city
- International incident with global diplomatic repercussions
Investigation Triggered by Swatting Attacks
As reported in our original coverage, the investigation began after high-level government officials—including at least one person with direct access to President Donald Trump—were targeted by swatting incidents and threatening phone calls.
The Secret Service's Advanced Threat Interdiction Unit, created specifically to disrupt the most significant threats to the agency's protectees, began tracking these telecommunications-related threats in spring 2025. This led investigators down a trail that ultimately uncovered the massive hidden network.
The expanded scope revealed this week suggests the swatting incidents may have been just one minor capability of a far more ambitious infrastructure attack plan.
No Arrests Yet, But Forensic Analysis Ongoing
Despite the seizure of 300,000 SIM cards and over 300 servers, no arrests have been announced. However, officials have indicated that arrests are expected as forensic analysis progresses.
"There could be arrests down the road," officials said, adding "from an operational perspective, we want those behind the network to know that the Secret Service is aware and that we're kind of coming for them."
The forensic examination faces a massive challenge:
- 300,000 SIM cards to analyze for communications data
- Millions of call records to examine
- Text message logs spanning potentially years of operation
- International communications requiring coordination with foreign agencies
- Encrypted communications that may require advanced decryption efforts
Special Agent McCool described the challenge: "We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up. That process will take time."
With the discovery of 200,000 additional cards, that timeline has likely extended significantly.
Multi-Agency Investigation Expands
The investigation involves extensive federal cooperation:
- Homeland Security Investigations (HSI): Leading the expanded criminal investigation; discovered the New Jersey cache
- U.S. Secret Service: Conducting protective intelligence investigation and leading threat assessment
- Department of Justice: Coordinating potential prosecutions
- Office of the Director of National Intelligence: Assessing nation-state involvement
- FBI: Providing technical analysis and counterintelligence support
- New York Police Department: Assisting with local investigations
- State and local law enforcement: Supporting evidence collection and security
Homeland Security Investigations confirmed to CBS News: "These enforcement actions are part of an ongoing and active nationwide HSI-led criminal investigation."
Other Networks May Exist Across America
The discovery of the New Jersey cache reinforces Special Agent McCool's warning from the original investigation: "It would be unwise to think that there's not other networks across the country."
Security experts are now calling for nationwide assessments of potential SIM farm operations. The fact that investigators continue to discover new locations and equipment weeks after the initial takedown suggests:
- Additional hidden sites may exist in the New York area
- Similar networks could be operating in other major U.S. cities
- The threat is nationwide, not limited to New York
- Detection requires specialized capabilities that may not exist in all jurisdictions
- Coordination between local and federal agencies is critical for uncovering these threats
Critical Infrastructure Vulnerability
The expanded threat underscores serious vulnerabilities in America's telecommunications infrastructure. The network's capability to potentially disable cellular service across New York City has profound implications:
Emergency Services at Risk
- 911 systems depend on cellular networks
- Police, fire, and EMS dispatch could be paralyzed
- Hospital communications could be disrupted during emergencies
- Coordination of emergency response would be impossible
Cascade Effects
- Financial systems rely on cellular connectivity
- Transportation networks depend on mobile communications
- Power grid monitoring uses cellular links
- Water systems and critical infrastructure utilize connected devices
- Supply chains would face immediate disruption
National Security Implications
- Secret Service protective communications could be jammed
- Military installations near urban areas could lose connectivity
- Government crisis communications could be disrupted
- Intelligence operations could be compromised
Former FBI and White House security official Nick Ferrante noted: "The masterminds could have set this up a long time ago and be operating from thousands of miles away. It's a stark reminder of how deeply interconnected our world has become, where local vulnerabilities can be exploited globally."
The Technical Capabilities Explained
The 300,000 SIM card network represents a staggering concentration of telecommunications power. To understand the threat:
SIM Farm Technology
A SIM farm uses arrays of SIM cards installed in specialized servers that can:
- Simulate thousands of individual phones simultaneously
- Rapidly rotate through phone numbers
- Send anonymous communications that can't be traced
- Coordinate massive message floods
- Mask the true location and identity of operators
Scale of Operations
With 300,000 SIM cards and 300+ servers:
- The network could impersonate 300,000 different phone numbers
- Sending 30 million texts per minute means 100 messages per SIM per minute
- This rate could text every American in about 12 minutes
- The message flood would overwhelm cellular infrastructure
- Cell towers would crash trying to process the traffic
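One way a carrier-side anomaly check for the pattern described above could look, as an added example that is not from the article or any agency involved: it flags a cell in a given minute when many co-located senders each send at a high rate to mostly distinct recipients. The record layout, thresholds and identifiers are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Assumed thresholds (not from the article); tune against real traffic baselines.
PER_SIM_RATE = 30   # messages per sender per minute treated as abnormal
MIN_FANOUT = 0.8    # share of a sender's messages going to distinct recipients
MIN_CLUSTER = 20    # abnormal senders on one cell in one minute


def build_sample_records():
    """Constructed SMS records: (epoch_second, sender, cell_id, recipient)."""
    records = []
    # Farm-like cell: 50 SIMs, each sending 100 texts in the same minute,
    # matching the article's figure of 100 messages per SIM per minute.
    for sim in range(50):
        for n in range(100):
            records.append((n % 60, f"farm-{sim:03d}", "CELL-A", f"rcpt-{sim}-{n}"))
    # Ordinary cell: 200 subscribers sending 1 to 3 texts each.
    for sub in range(200):
        for n in range(1 + sub % 3):
            records.append((10 + n, f"user-{sub:03d}", "CELL-B", f"friend-{sub % 7}"))
    # One legitimately busy sender: high rate, few recipients, no cluster.
    for n in range(40):
        records.append((n, "busy-001", "CELL-B", f"contact-{n % 5}"))
    return records


def find_sim_farm_cells(records, per_sim_rate=PER_SIM_RATE,
                        min_fanout=MIN_FANOUT, min_cluster=MIN_CLUSTER):
    """Return cell-minutes where a cluster of senders floods distinct recipients."""
    # (cell, minute) -> sender -> [message count, set of recipients]
    buckets = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for ts, sender, cell, recipient in records:
        stats = buckets[(cell, ts // 60)][sender]
        stats[0] += 1
        stats[1].add(recipient)

    findings = []
    for (cell, minute), senders in sorted(buckets.items()):
        # A sender is "hot" if it is both fast and fanning out widely.
        hot = {s: n for s, (n, rcpts) in senders.items()
               if n >= per_sim_rate and len(rcpts) / n >= min_fanout}
        # Co-location is the farm signal: one busy phone is not a finding.
        if len(hot) >= min_cluster:
            findings.append({"cell": cell, "minute": minute,
                             "hot_senders": len(hot),
                             "messages": sum(hot.values())})
    return findings


if __name__ == "__main__":
    for finding in find_sim_farm_cells(build_sample_records()):
        print(finding)
```

Requiring a cluster of fast senders on one cell, rather than a single fast sender, is what separates the co-located hardware the article describes from an individual heavy user.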
Why New York?
The strategic positioning around New York City and the UN headquarters was not coincidental:
- NYC has the densest cellular infrastructure in America
- Taking down NYC communications would have global impact
- The UN General Assembly presented a high-value target window
- Emergency response disruption would cause maximum chaos
- International incident potential was maximized
Comparison to Previous Incidents
The China-linked SIM farm operation exceeds previous telecommunications threats in several key metrics:
- Largest seizure: 300,000 SIM cards vs. previous record of ~20,000
- Most sophisticated: 300+ servers in coordinated network
- Highest capacity: 30 million messages/minute capability
- Widest scope: Six locations across tri-state area
- Greatest potential impact: Could disable entire city's cellular network
Response and Recommendations
Cybersecurity experts and former law enforcement officials are calling for:
- Nationwide SIM farm detection programs
  - Cellular carriers implementing anomaly detection
  - Federal coordination with telecom industry
  - Regular infrastructure audits in major cities
- Enhanced telecommunications security
  - Redundant emergency communications systems
  - Rate limiting and flood protection at the network level
  - Real-time monitoring for suspicious activity patterns
- International cooperation
  - Coordination with allies to track SIM card sourcing
  - Diplomatic pressure on nations harboring these operations
  - Intelligence sharing on telecommunications threats
- Legislative action
  - Stricter controls on bulk SIM card purchases
  - Enhanced penalties for telecommunications infrastructure attacks
  - Authority for proactive network monitoring
- Public-private partnership
  - Telecom companies sharing threat intelligence
  - Joint exercises simulating infrastructure attacks
  - Coordinated response protocols
Lessons from the NYC Cyber Initiative
CNN reports that beginning in 2016, the NYPD's Lt. Gus Rodriguez led an initiative with critical infrastructure partners to prepare for exactly this type of attack. Teams traveled to IBM's cyber range in Boston to simulate attacks on cellular networks and practice response protocols.
"In those battles we didn't always win," the report noted, "but the NYPD, the FBI, and the critical infrastructure partners in the cyber-initiative in NYC at least learned how to fight."
This preparation may have contributed to the successful detection and disruption of the network before activation.
The China Factor
While officials have not formally attributed the operation to the Chinese government, multiple law enforcement sources have confirmed the network's links to known Chinese threat actors. This aligns with broader patterns of Chinese intelligence operations, as detailed in our previous analysis.
Recent Chinese cyber operations have included:
- Infiltration of U.S. telecommunications companies
- Establishment of secret police stations on U.S. soil
- Espionage operations targeting government officials
- Infrastructure reconnaissance and pre-positioning for future attacks
The SIM farm operation fits a pattern of sophisticated, long-term operations designed to:
- Map critical infrastructure vulnerabilities
- Pre-position attack capabilities for future use
- Maintain plausible deniability through criminal network connections
- Enable both espionage and disruptive attack options
What This Means for National Security
The discovery of 200,000 additional SIM cards transforms the threat assessment in several critical ways:
Scope Reassessment
The operation was three times larger than initially believed, suggesting:
- Intelligence estimates of Chinese capabilities may be understated
- Detection and interdiction efforts need expansion
- The threat timeline may be more advanced than assessed
- Additional undiscovered infrastructure likely exists
Strategic Intent
The massive scale suggests this was:
- Not a test or limited operation
- Intended for actual operational use
- Part of a broader infrastructure warfare strategy
- Possibly one of multiple similar operations
Response Requirements
The expanded threat demands:
- Immediate nationwide assessment of telecommunications vulnerabilities
- Enhanced coordination between intelligence and law enforcement
- Faster forensic analysis capabilities
- Proactive detection rather than reactive investigation
Ongoing Threat and Next Steps
As forensic analysis of the 300,000 SIM cards continues, several key questions remain:
- Who specifically was behind the operation? While China is linked, individual operators haven't been identified
- What was the activation timeline? Was this ready to deploy or still in preparation?
- Are there other networks? McCool's warning suggests more may exist
- What are the diplomatic implications? How will the U.S. respond to Chinese involvement?
- How was detection achieved? What indicators led investigators to the network?
Federal authorities have confirmed the investigation is active and ongoing, with HSI leading the criminal probe while the Secret Service continues protective intelligence assessment.
Conclusion: A Wake-Up Call for Critical Infrastructure
The discovery of 200,000 additional SIM cards in New Jersey, expanding the China-linked network to three times its originally reported size, represents a fundamental shift in how America must view threats to its critical telecommunications infrastructure.
This was not a cyber attack in the traditional sense—no computers were hacked, no malware was deployed. Instead, adversaries leveraged the very tools of modern communication against us, building a hidden network capable of paralyzing a major city's ability to communicate during a critical international event.
The fact that the network tripled in size after the initial discovery suggests that even sophisticated federal investigations may only be seeing part of the picture. Special Agent McCool's warning that it would be "unwise to think that there's not other networks across the country" should be taken as both a threat assessment and a call to action.
As detailed in our original coverage of the Secret Service operation, the successful dismantling of this network prevented a potentially catastrophic disruption. But the discovery of the New Jersey cache reveals how close America came to an infrastructure attack of unprecedented scale.
The invisible infrastructure supporting modern life has become a prime battlefield. The 300,000 SIM cards seized represent not just evidence of one thwarted attack, but a warning that the nature of warfare has evolved—and America's adversaries are already positioning their weapons.
This is a developing story. This article will be updated as more information becomes available from the ongoing federal investigation.