INTERPOL Disrupts Global Network of Info-Stealing Malware

In a significant international cybersecurity operation, INTERPOL announced the takedown of more than 20,000 malicious IP addresses and domains associated with 69 different variants of information-stealing malware. The operation, codenamed Operation Secure, ran from January to April 2025 and involved law enforcement agencies from 26 countries.
Operation Secure: Key Outcomes
79% of identified malicious IP addresses were taken down.
41 servers were seized along with over 100 GB of forensic data.
32 individuals were arrested, with major arrests occurring in Vietnam (18 suspects), Sri Lanka (12), and Nauru (2).
Vietnamese authorities also confiscated devices, SIM cards, and cash amounting to approximately $11,500 USD.
Command-and-Control Infrastructure Targeted
The Hong Kong Police identified 117 command-and-control (C2) servers hosted by 89 internet service providers. These servers were used to control malware operations including phishing schemes, online fraud, and social media scams.
Countries Participating in the Operation
The operation involved a broad coalition from across Asia and the Pacific, including:
Brunei, Cambodia, Fiji, Hong Kong (China), India, Indonesia, Japan, Kazakhstan, Kiribati, Laos, Macau (China), Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, South Korea, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu, and Vietnam.
The Threat of Info-Stealing Malware
Information stealers—malware such as Lumma Stealer, Meta Stealer, and RisePro—are widely sold on underground forums as Malware-as-a-Service (MaaS). Once deployed, these tools extract:
Browser-stored credentials
Passwords and cookies
Credit card numbers
Cryptocurrency wallet data
This stolen data is often sold as "logs" to other cybercriminals who use it for ransomware, business email compromise (BEC), identity theft, and financial fraud.
Private Sector Involvement
Cybersecurity firm Group-IB supported the operation by supplying actionable intelligence about accounts compromised by these malware strains.
“The compromised credentials and sensitive data acquired by cybercriminals through infostealer malware often serve as initial vectors for financial fraud and ransomware attacks,” said Dmitry Volkov, CEO of Group-IB.
Conclusion
Operation Secure demonstrates the power of international collaboration in combating cybercrime. By disrupting key infrastructure and apprehending suspects, law enforcement agencies dealt a major blow to the global operations of info-stealing malware networks. Continued cooperation between governments and private cybersecurity firms remains crucial to protect digital ecosystems from such threats.