Pakistan-China Cyber Syndicate Busted: ₹100 Crore Scam Exposed

Delhi Police have uncovered an international cyber syndicate linked to Pakistan and China operating sleeper cells in India. The network, involved in digital arrests, investment fraud, and cryptocurrency scams, has attempted 1.6 million cyberattacks on India's defense institutions in early 2026 alone. Seven accused, including a Chinese national, were arrested with 22 SIM boxes and over 20,000 SIM cards, exposing a ₹100 crore scam operation.

16/01/2026/3:22:pm

Key Points

Main accused Ritik (22) arrested in Samaypur Badli, acted as middleman for Pakistani handlers
Pakistani contacts identified: Numbers +923146376510 (Bilal), +923110509376, +923144770771 (Nawab) traced through e-SIM data
APT groups targeted defense institutions with 1.6 million attacks in early 2026
₹100 crore scam network busted with Chinese national Chen among seven arrested
Massive seizure: 22 SIM boxes, 20,000+ SIM cards, 120 physical SIM cards recovered
Commission structure: Ritik earned 5% per USDT cryptocurrency transaction

Delhi Police’s cyber team made a breakthrough arrest of 22-year-old Ritik from Samaypur Badli, who was operating as a key facilitator for Pakistan-based cybercriminals. Forensic analysis of his mobile phone revealed active communication with six Pakistani nationals through social media platforms using foreign numbers.

Ritik’s role involved procuring UPI IDs from Indian cryptocurrency traders and forwarding them to Pakistani handlers based in Lahore and Karachi. The traders, identified as Rahul Gujjar, Yash, and Akash, provided their UPI details, which were then used to funnel scam proceeds. Once victims made payments through fake loan applications, Pakistani handlers sent transaction screenshots directly to Ritik, who then facilitated conversion to USDT cryptocurrency.

The investigation uncovered that Ritik had been active in this operation for approximately three to four months. He received a 5% commission on each transaction, while Indian crypto traders charged an additional 3-4% margin. This sophisticated money laundering network was linked to the notorious ‘Kranti Gang’, with Ritik serving as a close aide of gangster Sonu Kharkhari, an associate of the slain criminal Rajesh Bharti.

Identification of Pakistani Handlers Through Digital Forensics

The cyber team’s technical investigation involved a detailed examination of mobile phones, WhatsApp chats, and e-SIM data, leading to the identification of key Pakistani handlers. The primary suspects include:

Bilal: +923146376510
Unidentified handler: +923110509376
Nawab: +923144770771

These numbers were traced through digital footprints left in the communication records, providing concrete evidence of cross-border coordination. The forensic analysis also revealed chat exchanges about cryptocurrency trades, UPI transfers, and payment proofs, establishing a clear chain of evidence.

Advanced Persistent Threat (APT) Groups and National Security Threat

Beyond financial fraud, the investigation exposed a graver threat to national security. Pakistan-based APT groups have been systematically targeting India’s defense institutions and government establishments. These sophisticated threat actors employ advanced techniques, sending malicious ZIP files containing desktop launchers and remote access Trojans (RATs) to compromise critical infrastructure.

According to cybersecurity officials, by early 2026, these groups had attempted approximately 1.6 million cyberattacks against Indian targets. While most attacks were successfully thwarted by security agencies, the scale and persistence indicate a coordinated campaign against India’s strategic assets. The malware campaigns include decoy documents themed around sensitive events, such as the Pahalgam terror attack, to lure defense personnel and government officials.

The International Syndicate Structure and Seizures

The cross-border operation involved a seven-member syndicate with international connections, including Chen, a Chinese passport holder. This highlights the transnational nature of the cybercrime network, linking Pakistani handlers with Chinese operatives and Indian facilitators.

During coordinated raids, law enforcement seized:

22 SIM boxes used for bulk SMS operations
Over 20,000 SIM cards for creating fake identities
120 physical SIM cards with various network providers

The total scam value uncovered during the operation amounted to approximately ₹100 crore, making it one of the largest cybercrime busts in recent months.

Modus Operandi and Citizen Exploitation

Cybersecurity experts revealed that the network employed multiple deceptive tactics. The syndicate lured citizens into opening bank accounts using fake documents or monetary incentives, then exploited these accounts for digital transactions. The operation extended beyond ordinary fraud, establishing fake loan recovery call centers where people were harassed and extorted using fabricated documents.

The network’s sophistication lies in its multi-layered approach, combining social engineering, financial fraud, and potential espionage activities. This transformation from simple scam operations to threats against national security has put Indian agencies on high alert.

Police Advisory and Reporting Mechanism

Delhi Police have issued a public advisory urging citizens to remain vigilant against suspicious calls, video calls, and online scams. The police emphasized that any such incidents should be immediately reported through:

Cybercrime.gov.in portal
Helpline number 1930
Local police stations

The advisory comes as part of a broader awareness campaign to prevent citizens from unwittingly becoming part of such cybercrime networks. Law enforcement agencies continue to monitor digital channels and work with financial institutions to track and dismantle these sophisticated operations.