Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains
More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL.
Called Operation Secure, the effort ran from January to April 2025 and involved law enforcement from 26 countries. Teams tracked down servers, mapped physical networks, and carried out targeted takedowns.
Law enforcement seizing equipment (Source: INTERPOL)
Before the operation began, INTERPOL worked with cybersecurity companies Group-IB, Kaspersky, and Trend Micro to create Cyber Activity Reports. These reports provided key intelligence to cyber teams across Asia. Thanks to the joint effort, 79% of the identified suspicious IP addresses were taken offline.
Authorities also reported seizing 41 servers, collecting more than 100 GB of data, and arresting 32 people connected to illegal cyber activity.
Vietnamese police arrested 18 people and seized electronic devices from their homes and workplaces. The group’s leader was found with $11,500 in cash, along with SIM cards and business registration papers. These items suggest they were involved in opening and selling fake corporate accounts.
As part of Operation Secure, police in Sri Lanka and Nauru also carried out home raids. They arrested 14 people, with 12 in Sri Lanka and two in Nauru, and identified 40 victims of cybercrime.
In Hong Kong, police reviewed more than 1,700 intelligence files shared by INTERPOL. Their investigation uncovered 117 command-and-control servers spread across 89 internet service providers. These servers were being used by cybercriminals to run phishing schemes, online fraud, and scams through social media.
“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses,” said Neal Jetton, INTERPOL’s Director of Cybercrime.