What is the story about?
India's Enforcement Directorate (ED) has uncovered what it describes as a large-scale cross-border cyber fraud operation involving tens of thousands of Indian mobile numbers allegedly used to scam people across the country from Cambodia.
According to information shared by the federal agency and reported by ANI, investigators identified around 36,000 Indian SIM cards that were actively operating from Cambodia. Of those, nearly 5,300 have been linked to cyber fraud complaints spanning multiple states and involving financial losses amounting to hundreds of crores of rupees.
The findings emerged during an ongoing money laundering investigation that began with a First Information Report (FIR) filed by the Cyber Police Station under the DCP (Crime) in Jodhpur. The case centred on allegations that certain Point of Sale (POS) vendors were misusing their authority to issue and activate SIM cards.
The ED's investigation suggests that the operation relied on fraudulently activated mobile connections that were later routed overseas and used to facilitate cybercrime targeting Indian citizens.
According to the agency, several SIM vendors allegedly exploited customers who were seeking new mobile connections or SIM porting services. Investigators claim that while processing legitimate requests, the accused secretly activated additional SIM cards using customer credentials and documentation without their knowledge.
These extra connections were then allegedly supplied to foreign nationals, primarily Malaysian intermediaries, in exchange for commissions. The ED believes the SIM cards were ultimately used from Cambodia to conduct cyber fraud operations aimed at victims across India.
In a statement cited by ANI, the agency said that thousands of Indian mobile numbers activated through the scheme were subsequently used from Cambodia to make WhatsApp calls and carry out various forms of cyber fraud.
The scale of the operation became clearer after investigators analysed approximately 2.3 lakh mobile numbers. The analysis revealed that around 36,000 Indian SIM cards were active in Cambodia, with roughly 5,300 of them linked to cybercrime cases registered across the country.
The ED named several individuals in connection with the alleged network, including Rahul Kumar Jha, Mohammad Sharif and Sandeep Bhatt. Authorities claim they worked alongside other SIM vendors, identified as Prakash Bheel, Ramavatar Rathi, Hareesh Malakar and Hemant Panwar.
Investigators allege that Rahul Kumar Jha and his associates played a significant role in facilitating the supply of the SIM cards to Malaysian nationals who were connected to the broader operation.
The probe has also shed light on the financial infrastructure that allegedly supported the network.
According to the ED, the accused vendors possessed authorised POS identities linked to major telecom operators including Airtel, Jio and Vodafone Idea (Vi), enabling them to issue and activate mobile connections.
As part of the ongoing investigation under the Prevention of Money Laundering Act (PMLA), 2002, the agency's Jaipur Zonal Office conducted coordinated search operations on June 5 across multiple locations.
The raids were carried out at seven premises in Rajasthan's Ajmer district, including Kishangarh and Jodhpur, as well as locations in Nagpur, Maharashtra, and Ludhiana in Punjab.
During the searches, investigators reportedly identified 30 bank accounts believed to be connected to the accused individuals. The agency also seized documents and other materials it considers relevant to the case.
In addition, officials said they uncovered details relating to both movable and immovable assets linked to the suspects, suggesting investigators are now examining the financial gains allegedly generated through the operation.
The case highlights the growing challenge posed by international cybercrime networks that exploit Indian telecommunications infrastructure while operating from overseas locations. Authorities are continuing to investigate the alleged money trail and broader network behind the operation, with further action expected as the probe progresses.
According to information shared by the federal agency and reported by ANI, investigators identified around 36,000 Indian SIM cards that were actively operating from Cambodia. Of those, nearly 5,300 have been linked to cyber fraud complaints spanning multiple states and involving financial losses amounting to hundreds of crores of rupees.
The findings emerged during an ongoing money laundering investigation that began with a First Information Report (FIR) filed by the Cyber Police Station under the DCP (Crime) in Jodhpur. The case centred on allegations that certain Point of Sale (POS) vendors were misusing their authority to issue and activate SIM cards.
How the alleged SIM card network operated
The ED's investigation suggests that the operation relied on fraudulently activated mobile connections that were later routed overseas and used to facilitate cybercrime targeting Indian citizens.
According to the agency, several SIM vendors allegedly exploited customers who were seeking new mobile connections or SIM porting services. Investigators claim that while processing legitimate requests, the accused secretly activated additional SIM cards using customer credentials and documentation without their knowledge.
These extra connections were then allegedly supplied to foreign nationals, primarily Malaysian intermediaries, in exchange for commissions. The ED believes the SIM cards were ultimately used from Cambodia to conduct cyber fraud operations aimed at victims across India.
In a statement cited by ANI, the agency said that thousands of Indian mobile numbers activated through the scheme were subsequently used from Cambodia to make WhatsApp calls and carry out various forms of cyber fraud.
The scale of the operation became clearer after investigators analysed approximately 2.3 lakh mobile numbers. The analysis revealed that around 36,000 Indian SIM cards were active in Cambodia, with roughly 5,300 of them linked to cybercrime cases registered across the country.
The ED named several individuals in connection with the alleged network, including Rahul Kumar Jha, Mohammad Sharif and Sandeep Bhatt. Authorities claim they worked alongside other SIM vendors, identified as Prakash Bheel, Ramavatar Rathi, Hareesh Malakar and Hemant Panwar.
Investigators allege that Rahul Kumar Jha and his associates played a significant role in facilitating the supply of the SIM cards to Malaysian nationals who were connected to the broader operation.
Raids reveal bank accounts and financial trail
The probe has also shed light on the financial infrastructure that allegedly supported the network.
According to the ED, the accused vendors possessed authorised POS identities linked to major telecom operators including Airtel, Jio and Vodafone Idea (Vi), enabling them to issue and activate mobile connections.
As part of the ongoing investigation under the Prevention of Money Laundering Act (PMLA), 2002, the agency's Jaipur Zonal Office conducted coordinated search operations on June 5 across multiple locations.
The raids were carried out at seven premises in Rajasthan's Ajmer district, including Kishangarh and Jodhpur, as well as locations in Nagpur, Maharashtra, and Ludhiana in Punjab.
During the searches, investigators reportedly identified 30 bank accounts believed to be connected to the accused individuals. The agency also seized documents and other materials it considers relevant to the case.
In addition, officials said they uncovered details relating to both movable and immovable assets linked to the suspects, suggesting investigators are now examining the financial gains allegedly generated through the operation.
The case highlights the growing challenge posed by international cybercrime networks that exploit Indian telecommunications infrastructure while operating from overseas locations. Authorities are continuing to investigate the alleged money trail and broader network behind the operation, with further action expected as the probe progresses.
