China–Pakistan Nexus Behind Cyber Sleeper Cells Targeting India, Digital Threat to National Security Grows

The420.in Staff
India’s cyber battlefield is no longer limited to online fraud. Investigating agencies have uncovered a growing nexus between Chinese crime syndicates and Pakistan-based cyber operators aimed at building cyber sleeper cells inside India, posing a serious threat to national security. Recent enforcement actions reveal that this network is involved in digital arrest scams, fake investment schemes, instant loan app fraud and cross-border crypto transactions, while simultaneously probing vulnerabilities in sensitive national infrastructure.

According to officials familiar with the probe, several cybercriminals arrested in India were found to have direct digital links with handlers operating from Pakistan. These handlers allegedly guided local operatives within India, instructing them to arrange mule bank accounts, procure fake SIM cards and manage crypto wallets used to launder illicit funds.

Cross-border funding through cryptocurrency

Investigators say a key pillar of the network was crypto-based money movement, primarily using USDT. Funds were first deposited into Indian bank accounts via UPI using unsuspecting or rented identities. The money was then converted into cryptocurrency through platforms such as Binance and transferred to accounts controlled by Pakistani operators.

India-based facilitators acted as intermediaries in this chain, coordinating between local crypto traders and foreign handlers. Each transaction reportedly earned them commissions ranging between 5% and 10%, making the operation financially lucrative and difficult to trace in real time.

Factory of fake SIMs and mule accounts

The investigation has revealed an organised system for sourcing mule bank accounts and SIM cards, often using residents from rural or economically vulnerable areas. Individuals were lured with small payments to open accounts or hand over KYC details. These accounts were then used to rapidly rotate fraud proceeds across multiple layers, complicating financial tracking and delaying enforcement action.

Officials noted that such mule networks have become the backbone of large-scale cybercrime, enabling scammers to move funds within minutes before accounts are flagged or frozen.

Three-layer ‘digital arrest’ scam

Authorities outlined a structured, three-stage approach used in digital arrest frauds.
In the first stage, victims receive calls from scammers impersonating officials from telecom or regulatory bodies.
In the second stage, callers pose as law enforcement personnel, escalating fear by alleging serious offences.
In the final stage, a senior “officer” appears, offering to “resolve” the case in exchange for payments, often routed through mule accounts or crypto channels.

This method, investigators say, has been widely deployed to extract large sums under psychological pressure.

Cyber terror risk from APT groups

Security agencies have also flagged heightened activity by Pakistan-based Advanced Persistent Threat (APT) groups, which are believed to be targeting Indian defence, research and sensitive government institutions. Malicious ZIP files carrying remote access trojans, data-stealing malware and covert desktop launchers have been detected in multiple campaigns.

Officials said several such APT groups have been identified in recent months and are responsible for repeated attempts, involving millions of probing cyberattacks, to breach secure networks.

SIM boxes and VoIP routing

To evade detection, the syndicate relied heavily on SIM boxes and VoIP-based call routing, masking international calls as domestic ones. Calls were often routed through third countries, making them appear to originate from Indian numbers. These techniques were used extensively in digital extortion and fake investigation scams.

₹100 crore-plus fraud network

Investigators estimate that cases linked to this international cyber syndicate account for fraud exceeding ₹100 crore. Raids have led to the seizure of thousands of SIM cards, dozens of SIM boxes and a large volume of digital devices. Several foreign nationals are also under scrutiny for their suspected roles in operating or financing the network.

A growing national security challenge

Security officials warn that since the beginning of 2026, the intensity and sophistication of cyber operations targeting India have increased sharply. What began as financial fraud has now evolved into a strategic national security risk, with cybercrime infrastructure overlapping with hostile intelligence and terror-linked objectives.

What citizens should do

Authorities have urged citizens to remain alert and report cybercrime immediately via cybercrime.gov.in or the national helpline 1930. Any suspicious call, video interaction or digital threat should be reported without delay, officials said, stressing that early reporting is critical to limiting damage.

About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
