Interpol has announced the takedown of more than 20,000 malicious IP addresses and domains linked to information-stealing malware in a sweeping international effort named Operation Secure. Conducted between January and April 2025, the operation saw participation from law enforcement agencies across 26 countries, with a primary focus on locating and dismantling the digital infrastructure used by cybercriminals.
“Interpol continues to support practical, collaborative action against global cyber threats,” said Neal Jetton, Interpol’s Director of Cybercrime. “Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure.”
Working closely with cybersecurity firms including Group-IB, Kaspersky, and Trend Micro, Interpol generated Cyber Activity Reports that played a pivotal role in enabling precise takedowns. These efforts resulted in the removal of 79% of the flagged suspicious IP addresses. Authorities also seized 41 servers, collected more than 100GB of data, and made 32 arrests connected to illicit cyber activities.
A major focus of the operation was infostealer malware—a type of software designed to extract sensitive data such as browser credentials, cookies, and credit card information. Often traded in underground cybercrime forums, these stolen credentials serve as gateways for more severe cyber threats like ransomware and Business Email Compromise (BEC) attacks.
Following the operation, Interpol coordinated notifications to over 216,000 individuals who were affected or potentially compromised. These individuals were urged to strengthen their digital security by updating passwords, freezing financial accounts, and taking other precautionary measures.
Vietnamese law enforcement arrested 18 suspects, including a key figure found in possession of more than VND300 million (approximately $11,500) in cash and documents allegedly linked to schemes for creating and selling corporate accounts.
In Hong Kong, police reviewed over 1,700 intelligence files shared by Interpol. Their investigation led to the identification of 117 command-and-control servers hosted across 89 different internet service providers. These servers had been orchestrating various cyber campaigns such as phishing, online fraud, and social media scams.
Meanwhile, authorities in Sri Lanka and Nauru carried out house raids that resulted in 14 arrests and the identification of 40 victims. These operations underscored the importance of cross-border cooperation in the fight against cybercrime.
Operation Secure is part of the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project. Participating nations included Brunei, Cambodia, Hong Kong (China), India, Indonesia, Japan, Malaysia, Singapore, Thailand, and Vietnam, among others.