Major blow to cybercriminals: Interpol takes down thousands of IPs and servers


An international Interpol operation has disabled a vast cybercrime infrastructure consisting of 22,000 malicious IP addresses used for phishing, information stealers, and ransomware. Authorities arrested 41 individuals, with 65 others still under investigation.

The cybercrime takedown operation, Synergia II, took place between April 1st and August 31st, 2024, and involved law enforcement agencies from 95 countries.

Police identified 30,000 suspicious IP addresses, of which 76% were taken down. Additionally, 59 servers and 43 electronic devices, such as laptops, mobile phones, and hard disks, were seized.

Authorities identified and took offline hundreds of servers linked to malicious services: 1,037 in Hong Kong and 291 in Macau.

In Mongolia, police raided 21 houses and identified 93 individuals with links to illegal cyber activities. In Madagascar, 11 individuals with links to malicious servers were identified, and their devices were seized for further investigation.

Estonian police captured more than 80GB of server data, and authorities are now working with Interpol to analyze data linked to phishing and banking malware.

“We’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling victim to cybercrime,” Neal Jetton, Interpol’s Director of the Cybercrime Directorate, said.

Operation Synergia II is a second attempt to cripple three key cybercrime types: phishing, infostealers, and ransomware. The first operation identified 1,300 suspicious IP addresses and URLs and led to 30 arrests.

Phishing remains the most widely reported initial access technique, leading to data theft, malware deployment, and lateral movement within systems. Cybercriminals use infostealers to exfiltrate login credentials or financial information, and the information may later be sold or used to infiltrate systems in ransomware attacks.

Sales of logs collected from infostealers on the dark web rose by more than 40% in 2023. Ransomware attacks increased globally by an average rate of 70% across all industries in 2023.

During Operation Synergia II, Interpol utilized Group-IB, Trend Micro, Kaspersky, and Team Cymru's expertise in tracking illegal cyber activities to identify thousands of malicious servers.