July 2, 2025
Between January and April 2025, INTERPOL launched a major international cybercrime operation called Operation Secure, aimed at dismantling the digital infrastructure behind information-stealing malware. The operation involved law enforcement from 26 countries across the Asia-Pacific region, working in close partnership with cybersecurity companies.
Information stealers are a type of malware that secretly harvests login credentials, browser cookies, payment details, and other personal data from infected devices. These stolen credentials often end up for sale on underground marketplaces, leading to further criminal activity.
With help from private cybersecurity partners, authorities identified and disrupted over 20,000 malicious IP addresses and domains linked to infostealer campaigns. In addition, they seized 41 servers, collected more than 100 gigabytes of criminal data, and arrested 32 suspects believed to be involved in cybercrime.
In Vietnam, 18 individuals were taken into custody, including a suspected ringleader found with SIM cards, cash, and business records. More arrests were made in Sri Lanka and Nauru. In Hong Kong, over 100 command-and-control servers were uncovered across nearly 90 internet service providers. These servers were linked to various online scams, including phishing and social media fraud.
As part of the cleanup effort, authorities reached out to more than 216,000 potential victims, urging them to change their passwords, secure their accounts, and remain alert to suspicious activity.
The operation disrupted several well-known malware families such as Vidar, Lumma, and Rhadamanthys, and demonstrated the effectiveness of coordinated public-private action. Intelligence from cybersecurity firms played a key role in tracking down and neutralizing the malicious infrastructure.
Source: https://www.trendmicro.com/en_us/research/25/f/interpol-operation-secure.html