INTERPOL's Operation Secure: A Major Blow to Cybercrime
- John Jordan
- Jun 12
In a significant blow to global cybercrime, INTERPOL's Operation Secure took down more than 20,000 malicious IP addresses and domains linked to 69 variants of information-stealing malware. This four-month coordinated effort, involving law enforcement from 26 countries and private cybersecurity firms, resulted in numerous arrests and the seizure of critical cybercriminal infrastructure.

Operation Secure: A Global Cybercrime Takedown
Between January and April 2025, Operation Secure, spearheaded by INTERPOL, targeted the digital infrastructure supporting information-stealing malware. This extensive operation involved law enforcement agencies from 26 countries across the Asia-Pacific region, including Brunei, Cambodia, Fiji, Hong Kong (China), India, Indonesia, Japan, Kazakhstan, Kiribati, Laos, Macau (China), Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, South Korea, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu, and Vietnam.
Key Outcomes and Seizures
The coordinated efforts of Operation Secure yielded substantial results:
- 79% of identified suspicious IP addresses were taken down.
- 41 servers were seized.
- Over 100 GB of data was confiscated.
- 32 suspects linked to illegal cyber activities were arrested.
Arrests and Investigations
Law enforcement agencies across participating nations played a crucial role in the arrests and investigations:
- Vietnam: 18 suspects were arrested, with devices, SIM cards, business registration documents, and approximately $11,500 in cash confiscated. These arrests were linked to a scheme selling corporate accounts for illicit use.
- Sri Lanka and Nauru: 14 individuals were apprehended in coordinated house raids, and 40 victims were identified.
- Hong Kong: Police identified 117 command-and-control servers across 89 internet service providers. These servers were instrumental in launching and managing malicious campaigns such as phishing, online fraud, and social media scams.
The Threat of Infostealer Malware
Information-stealing malware, often sold on the cybercrime underground, serves as a critical initial vector for more severe cyberattacks. These malicious programs are designed to siphon sensitive data, including:
- Browser credentials
- Passwords
- Cookies
- Credit card details
- Cryptocurrency wallet data
Public-Private Collaboration
Operation Secure highlighted the importance of collaboration between law enforcement and private cybersecurity firms. Companies like Group-IB, Kaspersky, and Trend Micro provided critical intelligence and technical expertise. Group-IB, for instance, supplied intelligence on user accounts compromised by stealer malware variants such as Lumma, RisePro, and MetaStealer. Trend Micro's investigation identified Vidar, Lumma Stealer, and Rhadamanthys as prominent infostealer families involved.
Following the operation, over 216,000 individuals and organizations at risk were notified, enabling them to take defensive actions like freezing accounts and changing passwords. This proactive approach underscores the growing focus on disrupting cybercrime infrastructure before it can inflict widespread harm.