
An international cybercrime operation coordinated by INTERPOL has led to the takedown of more than 20,000 malicious IPs and domains used to deploy infostealer malware across the Asia-Pacific region.
Dubbed Operation Secure, the four-month crackdown (January to April 2025) brought together law enforcement from 26 countries and private cybersecurity partners to disrupt a growing cybercriminal infrastructure built around data-stealing malware. The effort also led to 32 arrests, 41 server seizures and the collection of over 100 GB of criminal data.
A Clear Target: Infostealers
Infostealer malware has become a go-to tool for cybercriminals seeking quick access to personal and corporate information. Once installed, it quietly extracts browser credentials, email logins, cookies, crypto wallet data and more. This information is then sold on underground marketplaces, fueling a wide range of attacks including ransomware, business email compromise (BEC) and online fraud.
“Logs stolen by infostealers are often the starting point for wider breaches,” said INTERPOL Cybercrime Director Neal Jetton. “Cutting off these initial access points disrupts larger criminal operations.”
Private Sector Intelligence Key to Operation
The operation was powered by cyber intelligence reports from Group-IB, Kaspersky and Trend Micro. These reports helped INTERPOL and national agencies identify suspicious infrastructure ahead of time, contributing to a 79% takedown rate of the flagged IPs.
The Hong Kong Police played a critical role by analyzing over 1,700 leads and identifying 117 command-and-control servers spread across 89 internet service providers. These servers were used to coordinate phishing scams, social engineering attacks and account takeovers.
Arrests, Raids and Seized Evidence
Vietnamese authorities arrested 18 suspects, including a ringleader found with business registration documents, SIM cards and more than 300 million dong (about USD 11,500) in cash. Evidence suggests the group was involved in creating and selling corporate accounts.
Further arrests came from Sri Lanka and Nauru, where coordinated raids led to the detention of 14 individuals and the identification of 40 victims. Devices were seized from both homes and workplaces, pointing to structured cybercriminal operations rather than lone hackers.
Victim Notification and Follow-up
After dismantling infrastructure, authorities alerted over 216,000 victims and potential victims. Those notified were urged to change passwords, secure email accounts, freeze compromised financial services and scan their devices.
Operation Secure was conducted under the ASPJOC (Asia and South Pacific Joint Operations Against Cybercrime) framework. Participating countries ranged from large players like India and Japan to smaller island nations including Kiribati, Vanuatu and Tonga, highlighting a region-wide commitment to fighting cybercrime at all levels.
While infostealer operations continue to spread, the results of this crackdown show that even widely distributed criminal infrastructure can be disrupted with the right mix of intelligence, speed and cross-border cooperation.