Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41
Interpol announced it has arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime in an international law enforcement action titled Operation Synergia II.
The operation took place between April and August 2024, spanning 95 countries and resulting in 41 arrests of those linked to various crimes, including ransomware, phishing, and information stealers.
Interpol said its enforcement action was backed by intelligence provided by private cybersecurity firms like Group-IB, Kaspersky, Trend Micro, and Team Cymru, leading to the identification of over 30,000 suspicious IP addresses.
Eventually, roughly 76% of those were taken down, 59 servers were seized, and 43 electronic devices were confiscated, which will be examined to retrieve additional evidence.
In addition to the 41 individuals who were arrested, the authorities are also investigating another 65 persons suspected of associating with illicit activities.
Location-based highlights from the operation are given below:
- Hong Kong (China): Police took down more than 1,037 servers linked to malicious services.
- Mongolia: Conducted 21 house searches, seized a server, and identified 93 individuals connected to illegal cyber activities.
- Macau (China): Police took 291 servers offline.
- Madagascar: Authorities identified 11 individuals with links to malicious servers and seized 11 electronic devices for investigation.
- Estonia: Police seized over 80 GB of server data, working with INTERPOL to analyze data related to phishing and banking malware.
"The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II. Together, we've not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime," said Neal Jetton, Interpol's Director of the Cybercrime Directorate.
The law enforcement agency says that generative AI is being used to enhance phishing operations, and information stealers are increasingly used as precursors to ransomware attacks, with the use of info stealers increasing by 70% last year.
Interpol's announcement concludes that phishing, ransomware, and info-stealer malware are currently among the most critical cyber threats, making this action a priority.