A press release from INTERPOL said officials dismantled 45,000 malicious IP addresses and servers used for phishing, malware and ransomware in an international operation that involved 72 countries and resulted in 94 arrests and 212 devices seized.
KEY FACTS
- Incident 45,000 malicious IP addresses and servers taken down
- Scope Operation involved 72 countries and territories
- Arrests 94 people detained with 110 under investigation
- Seized 212 electronic devices and servers
- Operation phase third phase ran from July 18, 2025 to January 31, 2026
The action was the third phase of Operation Synergia and targeted infrastructure used in phishing, malware and ransomware campaigns. Previous phases occurred in 2023 and 2024 and identified additional malicious servers and arrests.
An operation in Bangladesh resulted in 40 arrests and the confiscation of 134 electronic devices linked to loan and job scams, identity theft and credit card fraud. In Togo authorities detained 10 suspects accused of operating a residential fraud ring that used account takeovers and social engineering schemes such as romance scams and sextortion.
Macau authorities identified more than 33,000 phishing and fraudulent websites impersonating casinos, banks, governments and payment services that were set up to defraud victims by asking for top ups or personal information. The coordinated raids also seized servers and other electronic evidence in multiple locations.
India’s Central Bureau of Investigation conducted coordinated searches at 15 locations across Delhi, Rajasthan, Uttar Pradesh and Punjab in a probe of organized online investment and part time job fraud tied to a Dubai based fintech platform called Pyypl. The agency identified schemes that used social media, mobile apps and encrypted messaging to lure victims, moved funds through mule bank accounts and cashed out via offshore ATM withdrawals and wallet top ups, with some proceeds converted to USDT through India based virtual asset exchanges.
WHY IT MATTERS
Removing large numbers of malicious IPs and seizing devices disrupts criminal infrastructure and provides evidence for ongoing investigations. Coordinated action across countries also targets the financial flows and exchange channels used to cash out proceeds from online fraud.