Türkiye's National Intelligence Organization (MIT) has dismantled a cybercrime network accused of testing stolen credit card information through automated systems, leading to the detention of three suspects in coordinated operations in Istanbul and Kocaeli, northwestern Türkiye.
The operation was carried out jointly by MIT, the Cybersecurity Directorate (SGB), the Gendarmerie General Command (JGK) and the Financial Crimes Investigation Board (MASAK) following a multi-agency investigation into suspicious activity affecting large numbers of citizens.
The investigation began after authorities detected a surge in SMS notifications sent to credit card holders during the night of June 7 and continuing into the early hours of the following morning.
The messages informed recipients of attempted high-value transactions and included one-time verification codes, prompting concerns that card information was being tested without authorization.
After assessing the incident as an organized cybercrime operation, MIT coordinated a comprehensive response involving intelligence gathering, technical analysis, financial investigations and law enforcement measures.
According to officials, technical examinations conducted by the Cybersecurity Directorate and financial analyses carried out by MASAK revealed that large numbers of credit card details had been subjected to automated testing.
Investigators found that software was being used to verify the validity of card numbers. The testing process triggered automatic SMS alerts and one-time passwords that were sent to cardholders, allowing suspects to determine which cards remained active.
Intelligence efforts led by MIT helped identify the digital infrastructure and methods used by the network. Authorities were able to trace the systems involved, determine the identities of the suspects and uncover the technical tools used in the operation.
As part of an investigation launched by the Ankara Chief Public Prosecutor's Office, cybercrime units from the Ankara Provincial Gendarmerie Command carried out simultaneous raids in Istanbul and Kocaeli.
Initial examinations of seized digital materials uncovered software believed to have been used for mass credit card testing, along with records documenting the group's activities.
Investigators also discovered organized datasets containing test records related to numerous credit cards, suggesting a systematic effort to verify and categorize financial information.
The Cybersecurity Directorate further analyzed IP addresses, server records and other digital traces linked to the operation, exposing a significant portion of the technical infrastructure used by the suspects.
The systems and digital connections employed by the network were largely identified and neutralized.
No financial losses were recorded as a result of the incident. However, the method used by the suspects is among the tactics commonly employed by organized cybercrime groups seeking to exploit payment systems and financial data.
