Interpol dismantles more than 20,000 malicious IP addresses and domains linked to 69 different information-stealing malware variants.

INTERPOL’s Major Crackdown on Infostealer Infrastructure

On Wednesday, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains linked to 69 different information-stealing malware variants. This operation, codenamed Operation Secure, was conducted between January and April 2025 and involved law enforcement agencies from 26 countries across the Asia-Pacific region.

Key Details of the Operation:

• The operation targeted cybercriminal infrastructure used to deploy infostealer malware—malicious software designed to extract sensitive data such as browser credentials, passwords, cookies, credit card information, and cryptocurrency wallet data from infected devices.
• These stolen data logs are often traded on underground forums and serve as entry points for further cyberattacks, including ransomware, data breaches, and business email compromise schemes.
• INTERPOL worked closely with private-sector cybersecurity firms such as Group-IB, Kaspersky, and Trend Micro to generate Cyber Activity Reports, which provided actionable intelligence for law enforcement teams across Asia.
• Authorities seized 41 servers and over 100 GB of data, and arrested 32 suspects connected to illegal cyber activities.
• Over 216,000 victims and potential victims were notified so they could take immediate protective measures, such as changing passwords and freezing accounts.

Operational Highlights:

• In Vietnam, police arrested 18 suspects and seized cash, SIM cards, and documents related to a scheme for opening and selling corporate accounts.
• Sri Lanka and Nauru authorities conducted house raids, leading to 14 arrests and the identification of 40 victims.
• The Hong Kong Police analyzed over 1,700 pieces of intelligence, identifying 117 command-and-control servers used for phishing, online fraud, and social media scams.

International Collaboration:

• The operation was part of the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project, with participating countries including Japan, India, Indonesia, Korea, Singapore, Thailand, Vietnam, and others.
• In Japan, authorities secured 129 domestic servers and emphasized that the operation prevented a significant amount of potential damage by disabling servers used to relay unauthorized communications by the malware.

Neal Jetton, INTERPOL’s Director of Cybercrime, said:

“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”