INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime


INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation.

Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure.

"Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized," INTERPOL said. "Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized."

The actions also led to the arrest of 41 individuals, with 65 others still under investigation. Some of the other key outcomes across countries are listed below:

  • Takedown of more than 1,037 servers by Hong Kong police
  • Seizure of a server and the identification of 93 individuals with links to illegal cyber activities in Mongolia
  • Disruption of 291 servers in Macau
  • Identification of 11 individuals with links to malicious servers and the seizure of 11 electronic devices in Madagascar
  • Seizure of more than 80GB worth of data in Estonia

Group-IB, which was one of the private sector partners alongside Kaspersky, Team Cymru, and Trend Micro, said it identified over 2,500 IP addresses linked to 5,000 phishing websites, and more than 1,300 IP addresses tied to various malware activities spanning 84 countries.

When reached for comment, the Singapore-headquartered company said it has no further specifics to share at this stage because other suspects are still under investigation.

David Monnier, chief evangelist at Team Cymru, said it contributed to the effort by "identifying and categorizing malicious infrastructure" following extensive analysis.

"Our analysis did not dig into specific malware families due to their evolving nature," Josh Hopkins, S2 Threat Research Lead at Team Cymru, told The Hacker News.

"Our automated testing processes provide at scale insight, but for this operation our focus was to remain strategic on mapping tens of thousands of malicious nodes. We did not examine the content or hooks used by cybercriminals as part of the operation, our role exclusively focused on Internet telemetry analysis."

The first phase of Synergia took place between September and November 2023, leading to 31 arrests and the identification of 1,300 suspicious IP addresses and URLs used for phishing, banking malware, and ransomware attacks.


 
