Interpol dismantled a vast network of cybercriminal infrastructure spanning 26 countries during Operation Secure, a coordinated law enforcement initiative that neutralized over 20,000 malicious IP addresses and domains linked to 69 info-stealer malware variants between January and April 2025.
The operation achieved a remarkable 79% takedown rate of identified suspicious IP addresses, effectively crippling global cybercriminal networks that arranged phishing campaigns, online fraud, and ransomware distribution schemes. Experts estimate this disruption could help reduce the annual cybercrime costs projected to reach $10.5 trillion by 2025.
Multi-country teams successfully located and mapped over 100 gigabytes of crucial data during takedowns, as authorities seized 41 servers directly linked to cybercriminal operations. Law enforcement identified 117 command-and-control servers responsible for deploying malware and coordinating international scams, with seizures including electronic devices, SIM cards, business documents, and financial assets across participating nations.
Multi-country teams seized 41 servers and mapped over 100 gigabytes of crucial cybercriminal data across participating nations.
The operation resulted in 32 arrests across Asia-Pacific countries, including significant law enforcement actions in Vietnam, Sri Lanka, and Nauru.
Vietnamese authorities apprehended 18 suspects while confiscating devices and financial assets. Sri Lankan police arrested 12 individuals, and Nauru officials detained 2 suspects. Hong Kong Police dismantled 117 command-and-control servers hosted through 89 internet service providers, as Macau and Mongolia contributed by removing substantial numbers of malicious servers. Vietnamese police seized over VND$300 million in cash, SIM cards, and documents detailing illegal activities from the arrested suspects.
Interpol’s collaboration with private-sector partners including Group-IB, Kaspersky, and Trend Micro proved crucial for tracking illegal cyber activities and identifying server infrastructure.
These partnerships facilitated efficient mapping of physical criminal networks through detailed Cyber Activity Reports, promoting rapid response capabilities and effective disruption strategies across participating countries including Brunei, India, Indonesia, Japan, and Vietnam. Intelligence sharing among law enforcement agencies enabled authorities to coordinate simultaneous takedowns across multiple jurisdictions.
The operation’s impact extended beyond infrastructure disruption, as authorities notified over 216,000 victims and potential victims post-operation.
These notifications allowed individuals and organizations to reset passwords, freeze compromised accounts, and remove unauthorized access points. The takedowns severed critical channels used for initial access by ransomware operators and other threat actors, as seized infostealer logs, typically sold on underground markets, were destroyed.
Law enforcement highlighted continued user vigilance following breaches to prevent secondary attacks, advising victims on cybersecurity best practices to maintain protection against future threats.
