INTERPOL’s Operation Secure: Major Blow to Cybercrime with Global Takedown of Information-Stealing Malware

Introduction:

In a major global operation, INTERPOL successfully dismantled more than 20,000 malicious IP addresses and domains, all tied to 69 variants of information-stealing malware. The operation, named Operation Secure, spanned from January to April 2025 and was a collaborative effort by law enforcement agencies from 26 countries. This coordinated crackdown targeted networks used for cybercrime activities, resulting in significant arrests and data seizures. The mission aimed to disrupt the operations of cybercriminals responsible for stealing sensitive data like browser credentials, passwords, and financial details.

Operation Secure:

INTERPOL announced on Wednesday the dismantling of over 20,000 malicious IP addresses and domains associated with 69 different types of information-stealing malware. The joint action, known as Operation Secure, ran from January to April 2025, bringing together law enforcement agencies from 26 countries. The operation focused on identifying servers, mapping physical networks, and conducting takedowns of malicious entities. As a result, 79 percent of the identified suspicious IP addresses were shut down, and authorities seized 41 servers containing more than 100 GB of data.

Additionally, 32 suspects were arrested for their involvement in cybercrimes, with Vietnamese authorities making the highest number of arrests: 18 suspects, along with seized SIM cards, business documents, and over $11,500 in cash. House raids in Sri Lanka led to the arrest of 12 individuals, while Nauru authorities apprehended two more suspects.

Notably, Hong Kong police uncovered 117 command-and-control servers, hosted by 89 different internet service providers, that cybercriminals used to run campaigns such as phishing, fraud, and social media scams. Participating countries included Brunei, Cambodia, Fiji, Hong Kong, India, Indonesia, and others. The takedown of these servers came just weeks after a similar operation led to the seizure of 2,300 domains linked to the Lumma Stealer malware.

Information-stealing malware is a growing concern in cybersecurity. These tools, often sold on the dark web, are used by threat actors to steal credentials, passwords, credit card details, and cryptocurrency data. The stolen information is then sold or used for follow-up attacks like ransomware, business email compromise (BEC), and data breaches.

Group-IB, a cybersecurity company based in Singapore, participated in the operation by providing intelligence on compromised user accounts targeted by infostealers like Lumma, RisePro, and Meta Stealer. According to Dmitry Volkov, CEO of Group-IB, stolen data often serves as the entry point for cybercriminals to initiate financial fraud and ransomware attacks.

What Undercode Says:

Operation Secure is a significant milestone in the ongoing battle against cybercrime. As cybercriminals become more sophisticated, the need for international collaboration has never been greater. The fact that 26 countries participated in this takedown shows a unified front against the growing threat posed by information-stealing malware. This operation not only highlights the scale of the issue but also the importance of combining law enforcement, intelligence agencies, and private cybersecurity firms to track and dismantle these operations.

What’s particularly interesting is the role of information-stealing malware in facilitating a broader range of cybercrimes. Cybercriminals often use these malware variants as entry points for more devastating attacks, such as ransomware or data breaches. By targeting these malware families, the authorities have struck at the core of several criminal ecosystems that rely on stolen data to fuel subsequent attacks. This level of coordination between public and private sectors is a model for future operations.

Moreover, the operation’s success in targeting command-and-control servers is critical. These servers act as hubs from which cybercriminals control their malware and direct attacks. Dismantling these hubs not only disrupts the criminals’ ability to launch new attacks but also prevents previously infected machines from being reactivated and re-tasked. The sheer number of domains and IP addresses taken down is a testament to the effectiveness of this global operation.

As the malware landscape evolves, operations like these must become more frequent and agile. Threat actors constantly adapt their strategies, and the authorities must stay one step ahead. Future operations could include targeting emerging threats like advanced AI-driven attacks, which could complicate current defense mechanisms.

Fact Checker Results:

✅ Fact: INTERPOL’s Operation Secure dismantled 20,000+ malicious IP addresses tied to 69 types of malware.
✅ Fact: 26 countries participated in the operation, with arrests and data seizures reported.
❌ Misinformation: There is no confirmation that Operation Secure directly targeted ransomware operations—although it did focus on infostealers that could lead to such attacks.

Prediction:

Given the success of Operation Secure, we can expect more global collaborations between law enforcement and private cybersecurity firms. As cyber threats grow more sophisticated, law enforcement will likely refine their strategies to tackle emerging technologies, such as AI-powered malware. Future operations may also focus on targeting cloud-based command-and-control infrastructure, which could offer a greater challenge for current takedown methods. With more global players joining these efforts, the future of cybersecurity could see a sharper decline in successful large-scale cybercrimes.

References:

Reported By: thehackernews.com