In one of the most sweeping intelligence-led operations in recent years, Counter Intelligence Kashmir (CIK) carried out simultaneous raids at 22 locations across the Kashmir Valley, targeting a covert financial network suspected of channelling proceeds from cyber fraud into organised crime structures, with worrying indicators of possible terror funding.
The searches were conducted after securing judicial approval and spanned multiple districts, including Srinagar, Budgam, Shopian and Kulgam. Officials described the operation as a valley-wide push to dismantle a “hidden money pipeline” operating behind routine digital transactions.
Final Call: FCRF Opens Last Registration Window for GRC and DPO Certifications
FIR and intelligence trail
According to investigators, the crackdown followed the registration of an FIR by CIK after receiving specific and actionable intelligence inputs. These inputs pointed to a well-organised syndicate that had been quietly generating large sums of illicit money through online scams, illegal betting and gaming platforms, phishing attacks and digital extortion, before routing the proceeds through a complex web of bank accounts.
Several transaction trails, officials said, raised serious red flags related to terror financing, prompting the agency to escalate the case from a cyber fraud probe to a broader national security investigation.
Mule accounts: the backbone of the network
At the core of the operation was the exposure of a vast “mule account” ecosystem—a method increasingly used by cybercrime syndicates to evade detection. These bank accounts were allegedly opened in the names of poor, unemployed or unsuspecting individuals, many of whom had limited awareness of financial regulations or the consequences of account misuse.
“These accounts functioned as temporary parking points,” an official associated with the probe said. “Money was moved rapidly across multiple accounts in quick succession, creating layers that made it extremely difficult to trace the original source and final destination.”
By ensuring that the first layer of transactions appeared in the names of vulnerable individuals, the key operators behind the syndicate remained shielded, while investigators were forced to sift through voluminous transaction data.
Devices, documents and digital footprints
During the coordinated searches, CIK teams seized mobile phones, laptops, digital storage devices and financial documents, all believed to contain crucial evidence of the network’s operations, internal communication and fund-routing mechanisms.
Forensic examination of seized devices is now underway, alongside transaction pattern analysis and financial intelligence mapping. Investigators are cross-verifying banking data with national cybercrime databases to identify higher-level handlers, beneficiaries and facilitators.
Detentions and widening probe
So far, 22 suspects have been detained for questioning. Officials clarified that these are preventive detentions for interrogation and analysis, and not formal arrests at this stage.
“There are clear indications that the network is not confined to Jammu and Kashmir,” a senior security official said. “We are examining national linkages and possible cross-border dimensions, given the digital infrastructure and financial routes involved.”
More detentions and arrests are expected as the probe progresses and evidence is corroborated.
Clear warning from security agencies
CIK officials stressed that the operation sends a strong deterrent message. Misuse of the banking system, they warned, is no longer viewed merely as financial wrongdoing but as a direct enabler of organised crime and terror activities.
“Money generated through cyber fraud does not exist in isolation,” an official said. “Even claims of unknowing participation will not automatically protect individuals from legal action.”
Authorities added that scrutiny of suspicious digital transactions has been intensified, with banks, fintech platforms and telecom operators expected to play a more proactive role in flagging irregular patterns.
What lies ahead
With digital evidence under forensic scrutiny and interrogations continuing, officials expect the investigation to widen significantly in the coming weeks. More searches, account freezes and formal arrests are likely as agencies work to dismantle the entire financial architecture of the network.
For India’s security establishment, the Kashmir operation underscores a growing reality: cybercrime, financial fraud and national security threats are increasingly intertwined, demanding intelligence-driven, technology-backed enforcement on an unprecedented scale.
