Interpol crackdown: 20,000 malicious IPs and domains taken down globally, 32 suspects arrested
More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in a global operation against cybercriminal infrastructure, coordinated by the Interpol.
During the exercise, codenamed 'Operation Secure' (January-April 2025), law enforcement agencies from 26 countries, including India, worked to locate the servers, map physical networks, and execute targeted takedowns.
'Ahead of the operation, Interpol cooperated with private sector partners Group-IB, Kaspersky and Trend Micro to produce cyber activity reports, sharing critical intelligence with cyber teams across Asia. These coordinated efforts resulted in the takedown of 79% of identified suspicious IP addresses,' the Interpol said.
The participating countries reported the seizure of 41 servers and over 100 GB (gigabyte) of data, as well as the arrest of 32 suspects linked to illegal cyber activities.
'Infostealer malware is a primary tool for gaining unauthorised access to organisational networks. This type of malicious software extracts sensitive data from infected devices, often referred to as bots. The stolen information typically includes browser credentials, passwords, cookies, credit card details, and cryptocurrency wallet data,' the Interpol said.
The global police organisation said the logs harvested by 'infostealers' were increasingly traded on the cybercriminal underground, and were frequently used as a gateway for further attacks. These logs often enable initial access for ransomware deployments, data breaches, and cyber-enabled fraud schemes, including 'Business Email Compromise'.
'Following the operation, authorities notified over 2,16,000 victims and potential victims so they could take immediate action — such as changing passwords, freezing accounts, or removing unauthorized access,' the Interpol said.
During the exercise, 18 suspects were arrested in Vietnam. The group's leader was found with over $11,500 in cash, SIM cards, and business registration documents.
In Sri Lanka and Nauru, 40 victims were identified; 12 persons were arrested in Sri Lanka and two in Nauru. In Hong Kong, 117 command-and-control servers hosted across 89 Internet service providers were identified based on the inputs provided by the Interpol. 'These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud, and social media scams,' the Interpol said.
Operation Secure is a regional initiative organised under the Asia and South Pacific Joint Operations Against Cybercrime Project.