The United States Secret Service has dismantled what it describes as an "imminent telecommunications threat" in the New York tristate area, seizing hundreds of servers and more than 100,000 SIM cards capable of crippling cell networks, overwhelming emergency services, and enabling anonymous communications.
The discovery comes during the United Nations General Assembly in Manhattan, a period when hundreds of world leaders and senior U.S. officials converge on the city—a high-risk window for assassination plots and other coordinated threats.
What investigators found
According to the Secret Service, the dismantled infrastructure included more than 300 SIM servers and 100,000 SIM cards, spread across multiple locations within approximately 35 miles of the U.N. headquarters. Investigators believe the system was capable of sending 30 million text messages per minute, overwhelming cell networks in denial-of-service-style (DoS) attacks, or even disabling cell towers outright.
Officials also stressed that the network enabled anonymous and encrypted communications, creating an ideal platform for criminal organizations or state-sponsored actors to coordinate attacks undetected.
"The potential for disruption to our country's telecommunications posed by this network of devices cannot be overstated," said Secret Service Director Sean Curran.
Matt McCool, Special Agent in Charge of the New York Field Office, added: "These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises.… This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City."
Links to assassination threats
The investigation began earlier this year after authorities intercepted telecommunications-related threats against senior U.S. government officials. While officials have not disclosed specifics, the nature of the threats pointed toward the possibility of assassination attempts facilitated by encrypted communications and telecom disruption.
In particular, NBC News reports that the system included tools used to convey assassination threats, underlying that the network was not merely capable of disruption, but may have already been in use to intimidate or threaten individuals in high positions.
By disabling cellular coverage or flooding emergency lines, attackers could have limited protective services' ability to coordinate, respond, or even call for help during an attempted strike. The proximity of the devices to the U.N. General Assembly further heightened concerns, as secure communications are critical to protecting world leaders during the high-profile event.
Why SIM farms are a growing security risk
SIM farms, which are collections of SIM cards managed by servers to create massive virtual communication networks, are typically associated with spam, fraud, and social media manipulation. However, this case highlights their potential to disrupt critical infrastructure and pose threats to national security.
Kern Smith, Vice President of Global Solutions at Zimperium, underscored the public safety dimension.
"The dismantling of this SIM server network shows how adversaries are targeting mobile connectivity to disrupt critical infrastructure," Smith said. "With the ability to disable cell towers and block EMS or police response, the threat goes beyond communications; it's about undermining public safety. This reinforces why mobile must be treated as critical infrastructure, with layered defenses to detect and stop advanced threats."
Implications for cybersecurity and protective missions
This case underscores the growing convergence of cyber and physical threats. While traditional assassination attempts rely on physical access and weapons, modern plots may increasingly involve disrupting communications, exploiting encrypted platforms, or masking coordination behind telecom abuse.
Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, noted that the scale and timing of the network should not be underestimated.
"Communications infrastructure powers so much of modern society, and is foundational to emergency services," Ford said. "Three hundred servers and 100,000 SIM cards is non-trivial; this is a well-funded and coordinated operation. Focused disruption, degradation, and potential data capture of telecom networks timed in proximity to the UN General Assembly is a high-value take-down. The question I'm left wondering is how long has this been in place, how long did it operate, and, obviously, we're all making assumptions about who's behind it."
For security professionals, the incident highlights several lessons:
-
Telecom abuse must be part of threat models. Beyond phishing or spam, telecom infrastructure itself can be weaponized.
-
Forensics and attribution are critical. With more than 100,000 SIMs, tracing threat actors requires coordination across law enforcement, intelligence, and telecom providers.
-
Events create unique risks. Global gatherings, such as the U.N. General Assembly, are prime targets for disruptive or violent activity, making the resilience of communications infrastructure essential.
What comes next
The Secret Service is continuing forensic analysis of the seized equipment. While no arrests have been announced, officials say there are indications of foreign nation-state involvement, though details remain classified.
What is clear: the operation averted a potentially devastating disruption to New York's communications network—one that could have endangered the lives of senior officials and world leaders.
As the Secret Service warned, the threat was both imminent and unprecedented in scale. And as the lines between cyber and physical espionage attempts blur, safeguarding communications infrastructure has become a frontline mission in protecting national leaders.
Follow SecureWorld News for more stories related to cybersecurity.
