
An international law enforcement operation has dismantled the computer infrastructure powering multiple strains of information-stealer malware.
As part of “Operation Secure,” authorities in 26 Asian countries “worked to locate servers, map physical networks and execute targeted takedowns,” Interpol said in a statement. Law enforcement agencies worked with cybersecurity firms Group-IB, Kaspersky and Trend Micro to prepare assessments of their targets and shared that information with “cyber teams across Asia,” according to Interpol, resulting “in the takedown of 79 percent of identified suspicious IP addresses.”
Authorities also seized 41 servers and arrested 32 alleged cybercriminals. Eighteen of those arrests occurred in Vietnam, including one suspect, the alleged leader of the targeted group, who was found with documents and technology that authorities say were part of “a scheme to open and sell corporate accounts.” Twelve other arrests occurred in Sri Lanka, while the remaining two occurred in the tiny Micronesian nation of Nauru.
Ransomware fodder
Infostealer malware extracts sensitive data such as passwords and credit card numbers, but it also yields secondary benefits. Interpol noted that cybercriminals often purchase infostealers’ activity logs on the dark web to serve as “a gateway for further attacks,” including ransomware and fraud.
“The Hong Kong Police analysed over 1,700 pieces of intelligence provided by INTERPOL and identified 117 command-and-control servers hosted across 89 internet service providers,” Interpol said. “These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams.”
After the operation ended, law enforcement contacted more than 216,000 confirmed and suspected victims, warning them to change their passwords and check their accounts for unauthorized access.