Monday, June 16, 2025
HomeCyber Crime'Black Panthers' - A SIM Swap Gang Connected With Dark Web Got...

‘Black Panthers’ – A SIM Swap Gang Connected With Dark Web Got Arrested

Published on

SIEM as a Service

Follow Us on Google News

Spanish National Police arrested the notorious SIM-swapping gang operating under the name “Black Panthers” for various cyber crimes.

The law enforcement agents arrested 55 people, including the leader heading this Black Panthers gang.

The operators behind this Black Panthers committed the bank scams through SIM swapping attacks with other methods such as social engineering techniques, VishingPhishing, or Carding to call forwarding.

- Advertisement - Google News

There 100s of victims got scammed and this group stole around 250,000 euros.

“The investigation -which has made it possible to detect some 100 victims and a fraud amounting to 250,000 euros distributed throughout the national territory- has ended with the arrest of 55 people of different nationalities.”

Criminals Network Structure

The criminal gang formed a well structure network and each division employed the respective skill, accessibility to stolen information, and experience.

The group used various techniques such as phishing, fishing, and call forwarding techniques to create duplicate SIM cards using the SIM Swapping technique.

Once they successfully swapped the SIM card they took control of the electronic banking of their victims and made fraudulent transfers to a network.

The Combined attack allowed them to access the funds in the victims’ accounts, which they had until the existing balance was exhausted.

“The solvency with which the criminal organization acted against the companies was such that they got in touch with their local distributors, posing as the technical service of their platform, to steal the user credentials of the employees.”

Bought Cards from Dark Web

As a result ” This gave them access to the database of the telephone operators themselves and allowed them to obtain the personal data of the victims, making duplicate SIM cards themselves.” Spanish police said in a press release report.

Enforcement officials found that the organization also used members of a second action cell specialized in committing fraud through carding (cloning bank cards) and obtaining personal information through social engineering.

Also, the group bought ID and credit card numbers through various black markets on the Dark Web using cryptocurrencies and successfully cloned cards used to buy purchase luxury products and also get delivered by displaying the physical ID cards stolen or purchased on black markets.

Police have carried out seven home searches in which a hardware-type cryptocurrency portfolio, 45 SIM cards, 11 mobile phones, 4 laptops, a high-end vehicle and abundant documentation related to the facts investigated have been involved.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...