05.10.2025 13:50
An operation was carried out against an organized cybercrime group that defrauded citizens using the names of MIT, PTT, and HGS systems. Out of the 12 people captured in the operation, 10 were arrested.
```html
As part of the investigation conducted by the Istanbul Anatolian Chief Public Prosecutor's Office; as a result of a joint effort carried out by MIT, the Financial Crimes Investigation Board (MASAK), and the General Command of Gendarmerie, an organized cybercrime group that defrauded citizens using the names of the Postal and Telegraph Organization (PTT) and the Fast Pass System (HGS) was caught. Of the 12 individuals apprehended, 10 were arrested and sent to prison.
THEY COULDN'T ESCAPE FROM MIT
As a result of intelligence work carried out by MIT, it was determined that the suspects had loaded malicious software onto mobile devices with the Android operating system. Thanks to this malicious software, full control over the devices was achieved, and fake SMS messages containing "You have a Fast Pass System (HGS) debt" and "You have an undelivered PTT Cargo" were sent to third parties without the knowledge of the citizens. It was found that citizens were redirected to fake websites through the links in these messages, leading to the theft of their credit card information. The activities of the suspects, who were followed for 6 months, were gradually deciphered.
During this process, a large number of bank and cryptocurrency accounts were examined by the Financial Crimes Investigation Board (MASAK). Through technical and physical surveillance, the structure, connections, and methods used by the organization were revealed. It was determined that the cybercrime group was directed through Telegram channels via its affiliates located in Georgia, and the income obtained through these accounts was laundered through international transfers and converted into cryptocurrency. Based on MIT's intelligence work, efforts were initiated to identify and capture the connections in Georgia.
SIMULTANEOUS OPERATIONS IN 6 PROVINCES
Simultaneous operations were carried out in the provinces of Izmir, Van, Elazığ, Bingöl, and Hakkâri, centered in Istanbul, against the suspects identified as part of the investigation. In the dawn operations conducted, a total of 12 suspects were captured and taken into custody. Of the suspects, 10 were arrested, and 2 were released. During the searches conducted during the operations, a large number of digital materials, cryptocurrency wallets, cash, and foreign currency were seized.
318 WEBSITES SHUT DOWN
As a result of the operations carried out, 318 websites identified as being used in phishing attacks and fraudulent activities were seized and shut down. Additionally, a special control panel used by the cybercrime group to manage the malicious software loaded onto mobile phones was also seized. Through this panel, it was determined that the phones were completely controlled, SMS could be sent to third parties without the users' knowledge, incoming and outgoing calls could be redirected, the device's camera and screen could be monitored remotely, and real-time location information could be tracked.
It was also determined that the software recorded keystrokes, transmitting sensitive information such as passwords and one-time verification codes to the attackers. This method revealed that the attacks were not solely for financial gain; targets were tracked through real-time location monitoring, blackmail was conducted using camera footage, and the credit card information of thousands of citizens was stolen. It was found that the activities were coordinated through the organization's affiliates abroad and were also used for espionage purposes.
"MIT WILL NOT LET GO OF THEM"
MIT continues to resolutely use all its means and capabilities to prevent the victimization of citizens due to cyber fraudsters. Authorities emphasized that cybercrime groups pose a serious threat to the financial security of citizens, and therefore, the struggle carried out by all state institutions in a coordinated manner will continue uninterrupted. Citizens were strongly reminded not to download applications from untrusted sources, not to click on unknown links, and to conduct their transactions only through official channels.
```