Interpol’s cybercrime operation dismantles over 20,000 malicious domains
Law enforcement agencies seized 41 servers and over 100GB of data, resulting in the arrest of 32 individuals linked to illegal cyber operations.
Interpol hasrevealed that it has dismantled over 20,000 malicious IP addresses and domains associated with information-stealing malware. The operation, named Operation Secure, was conducted from January to April 2025 and involved law enforcement agencies from 26 countries. The primary focus was on locating and neutralising servers and networks utilised by cybercriminals.
“Interpol continues to support practical, collaborative action against global cyber threats,” said Interpol’s Director of Cybercrime Neal Jetton. “Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure.”
The international police organisation collaborated with private-sector entities such as Group-IB, Kaspersky, and Trend Micro to generate Cyber Activity Reports. These reports are said to have played a crucial role in facilitating targeted takedowns, leading to the removal of 79% of identified suspicious IP addresses. Law enforcement agencies seized 41 servers and over 100GB of data and arrested 32 individuals involved in illegal cyber activities.
During Operation Secure, Group-IB’s threat intelligence and high-tech crime investigations teams played the role of monitoring user accounts compromised by variousinfostealer malware, including Lumma, Risepro, and META Stealer. They provided essential intelligence on the command-and-control (C2) infrastructure used by cybercriminals. Furthermore, they tracked accounts linked to the dark web and Telegram, where these criminals advertised infostealer malware-as-a-service and sold stolen data.
Infostealer malware provides gateway to organisational network intrusions
The operation targeted infostealer malware, which is frequently used for unauthorised access to organisational networks. This type of malware extracts sensitive information such as browser credentials, cookies, and credit card details. These logs are often traded in underground markets, serving as entry points for ransomware attacks and schemes like Business Email Compromise (BEC).
According to Interpol, post-operation measures included notifying more than 216,000 individuals who were affected or potentially affected by the malware. Authorities advised these individuals to undertake security actions such as changing passwords or freezing accounts to mitigate further risk.
Vietnamese authorities arrested 18 suspects during the operation. Among them was a leader found with over VND300m ($11,500) in cash and documents suggestive of a scheme to establish and sell corporate accounts. These arrests were part of broader enforcement efforts under Operation Secure.
The Hong Kong Police Force analysed over 1,700 pieces of intelligence provided by Interpol. They identified 117 command-and-control servers hosted across 89 internet service providers. These servers were used to manage various malicious campaigns, including phishing attacks, online fraud, and social media scams.
Law enforcement agencies in Sri Lanka and Nauru conducted house raids that resulted in the arrest of 14 individuals and identified 40 victims. These arrests further illustrated the collaborative cross-border approach essential for tackling cybercrime.
Operation Secure is an initiative under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project. Nations involved include Brunei, Cambodia, Hong Kong (China), India, Indonesia, Japan, Malaysia, Singapore, Thailand, Vietnam, among others.
Read more:Interpol and Singapore Police thwart major business email compromise scam
Sign up for our regular news round-up!
Give your business an edge with our leading Tech Monitor
