11/05/2024 | Press release | Distributed by Public on 11/05/2024 09:48
GLASGOW, United Kingdom - A global INTERPOL operation has taken down more than 22,000 malicious IP addresses or servers linked to cyber threats.
Operation Synergia II (1 April - 31 August 2024) specifically targeted phishing, ransomware and information stealers and was a joint effort from INTERPOL, private sector partners and law enforcement agencies from 95 INTERPOL member countries.
Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized. Additionally, 43 electronic devices, including laptops, mobile phones and hard disks, were seized. The operation led to the arrest of 41 individuals, with 65 others still under investigation.
During Operation Synergia II, INTERPOL worked closely with its partners, Group-IB, Trend Micro, Kaspersky and Team Cymru, utilizing their expertise in tracking illegal cyber activities to identify thousands of malicious servers. INTERPOL shared this information with participating law enforcement agencies, which conducted preliminary investigations leading to a series of coordinated actions, including house searches, disruption of malicious cyber activities, and lawful seizures of servers and electronic devices. The following countries participated in the operation:
Hong Kong (China): Police supported the operation by taking offline more than 1,037 servers linked to malicious services.
Mongolia: Investigations included 21 house searches, the seizure of a server and the identification of 93 individuals with links to illegal cyber activities.
Macau (China): Police took 291 servers offline.
Madagascar: Authorities identified 11 individuals with links to malicious servers and seized 11 electronic devices for further investigation.
Estonia: Police seized more than 80GB of server data and authorities are now working with INTERPOL to conduct further analysis of data linked to phishing and banking malware.
Neal Jetton, INTERPOL's Director of the Cybercrime Directorate, said:
"The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II. Together, we've not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime. INTERPOL is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place."
Operation Synergia II is a response to the escalating threat and professionalization of transnational cybercrime. It prioritized three key cybercrime types to protect individuals and businesses globally:
Phishing: Phishing remains the most widely reported initial access technique, used to steal data, deploy malware and move within systems. Increasingly, Generative AI is allowing cybercriminals to create more sophisticated phishing emails, in multiple languages, making them more difficult to detect.
Infostealers: A type of malware that breaches computer systems to steal sensitive data, such as login credentials or financial information. Infostealers are increasingly used to infiltrate systems in ransomware attacks. In 2023, there was an increase of over 40% in the sale of logs collected from infostealers on the deep and dark web.
Ransomware: Ransomware attacks increased globally by an average rate of 70 per cent across all industries in 2023, with targeted sectors and geographies expanding considerably.