INTERPOL Disrupts Cybercrime Network by Dismantling 20,000 Malicious IPs

INTERPOL announced on Wednesday the successful dismantling of over 20,000 malicious IP addresses and domains associated with 69 variants of information-stealing malware as part of a concerted initiative named Operation Secure.

The operation, which ran from January to April 2025, involved the collaboration of law enforcement agencies from 26 countries. It enabled officials to trace servers, map out physical networks, and execute targeted takedowns of malicious infrastructure. According to INTERPOL, the coordinated efforts led to the takedown of 79 percent of the identified suspicious IP addresses.

As part of this enforcement activity, participating nations reported the seizure of 41 servers and over 100 GB of illegal data. Additionally, 32 individuals were arrested in connection with these cybercrimes. Notably, authorities in Vietnam detained 18 suspects and confiscated devices, SIM cards, business registration documents, and cash amounting to $11,500. Further raids led to the arrest of another 12 suspects in Sri Lanka as well as two more individuals in Nauru.

The Hong Kong Police contributed to the operation by identifying 117 command-and-control servers hosted by 89 internet service providers. These servers served as bases for launching and managing malicious campaigns, which included phishing and online fraud activities. Countries that participated in Operation Secure include Brunei, Cambodia, Fiji, South Korea, and several others, which highlights the international effort to combat cybercrime.

This announcement follows a previous operation that resulted in the seizure of 2,300 domains linked to the Lumma Stealer malware, showcasing an ongoing global crackdown on cyber threats. Information stealers, which are often offered in subscription packages on the dark web, give malicious actors a gateway into networks and siphon sensitive data such as credentials, payment details, and personal information.

Group-IB, a cyber intelligence firm based in Singapore that played a key role in the operation, emphasized that the compromised data acquired by cybercriminals often becomes a launching point for more severe attacks, including ransomware, data breaches, and business email compromise. According to Group-IB CEO Dmitry Volkov, the ongoing fight against information stealers is critical in safeguarding sensitive digital information from exploitation.