INTERPOL dismantles infostealer malware network in Asia

Posted date 23/07/2025

During Operation Secure, which ran from January to April 2025, more than 20,000 IP addresses or malicious domains linked to 69 variants of infostealers were taken down in an INTERPOL-coordinated operation targeting cybercriminal infrastructure. Law enforcement agencies from 26 countries in Asia (mainly Southeast Asia) worked together to find servers, geolocate physical networks and carry out targeted takedowns.

Participating countries reported the seizure of 41 servers and more than 100 GB of data, as well as the arrest of 32 suspects linked to illegal cyber activities.

Vietnamese police arrested 18 suspects, seizing devices from their homes and workplaces, more than 10,000 euros in cash, SIM cards and company registration documents. Sri Lankan authorities conducted house raids that led to the arrest of 12 people and the identification of 31 victims. Hong Kong Police analyzed more than 1,700 pieces of data provided by INTERPOL and identified 117 command and control servers hosted by 89 Internet Service Providers. These servers were used by cybercriminals as hubs to launch and manage malicious phishing campaigns, online fraud and social media scams.

Prior to the operation, INTERPOL cooperated with cybersecurity entities such as Group-IB, Kaspersky and Trend Micro to produce reports on malicious cyber activity, sharing information from computers across Asia. As a result of this coordinated work, 79% of the suspicious IP addresses identified were shut down.