Operation Secure: INTERPOL’s Global Infostealer Crackdown Takes Down 20,000 Malicious IPs and Domains
In a sweeping victory against cybercrime, INTERPOL’s latest operation, codenamed Operation Secure, has dealt a significant blow to cybercriminal networks trafficking in stolen information. Between January and April 2025, authorities from 26 countries came together to dismantle 20,000 malicious IPs and domains, seizing 41 servers and arresting 32 suspects.
INTERPOL tweets about Operation Secure (X)
How Operation Secure Targeted Infostealer Networks
Operation Secure marks one of the most far-reaching takedowns of cybercriminal infrastructure this year. It involved months of intelligence gathering, analysis, and precise actions by law enforcement agencies across Asia and the South Pacific. With INTERPOL’s coordination, countries like Vietnam, Sri Lanka, and Nauru played critical roles in executing high-impact raids and arrests.
Law enforcement officers and INTERPOL personnel collaborating during Operation Secure (interpol.int)
In Vietnam, police arrested 18 suspects linked to fraudulent schemes involving corporate accounts. Investigators discovered cash, SIM cards, and business registration documents at the homes of these suspects, indicating a large-scale operation to steal and sell corporate identities.
Sri Lankan and Nauruan authorities also carried out house raids that led to 14 more arrests and the identification of 40 victims. Meanwhile, in Hong Kong, police analyzed over 1,700 intelligence leads shared by INTERPOL, pinpointing 117 Command and Control (C2) servers used to manage campaigns like phishing and online fraud. These servers formed the backbone of infostealer operations, enabling cybercriminals to control vast botnets and harvest sensitive data from infected devices.
What Are Infostealers and Why Do They Matter?
Infostealer malware is a key tool in the cybercriminal arsenal. Once it infects a device, it stealthily harvests login credentials, browser cookies, credit card details, and even cryptocurrency wallet data. This stolen data is then bundled into stealer logs – detailed records that enable cybercriminals to take over accounts, bypass authentication systems, and launch further attacks.
Our blog post, “Stealer Logs: Everything You Need to Know”, explores how these logs act as a launching pad for large-scale data breaches and targeted attacks like Business Email Compromise (BEC). In essence, infostealers don’t just compromise data; they open the door to further exploitation.
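The notification step the article describes (victims told to reset passwords and revoke unauthorized access) starts with triaging the stolen records. The following Python is an added illustration, not code from the article or from SOCRadar or INTERPOL; it assumes a simple `url|username|password` line layout for the log, and the sample lines, domains and accounts are constructed. It groups exposed credentials by account for a monitored organization, lists the affected hosts, flags passwords that appear under more than one account, and reports only a hash prefix of each password so the triage output never carries plaintext secrets.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in an assumed "url|username|password" layout (not from the article).
SAMPLE_LOG = """\
https://mail.example-corp.test/login|Alice@example-corp.test|Hunter2!
https://portal.example-corp.test/|alice@example-corp.test|Hunter2!
https://bank.example.test/auth|bob@example-corp.test|pass1234
https://shop.example.test/account|carol@personal.test|qwerty
https://mail.example-corp.test/login|dave@example-corp.test|Hunter2!
this line is malformed and must be skipped
"""


def parse_stealer_log(text):
    """Parse url|user|password lines; skip blank or malformed ones."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        url, user, password = (p.strip() for p in parts)
        host = urlparse(url).hostname
        if not host or not user:
            continue
        # Normalise the account name so "Alice@" and "alice@" merge.
        entries.append({"host": host, "user": user.lower(), "password": password})
    return entries


def fingerprint(secret):
    """Short SHA-256 prefix so reports never carry the plaintext password."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def triage(text, monitored_domains):
    """Return {account: {hosts, fingerprints, shared_password}} for monitored domains."""
    entries = parse_stealer_log(text)
    monitored = {d.lower() for d in monitored_domains}

    # Which accounts use each password fingerprint (to spot shared credentials).
    users_per_fp = defaultdict(set)
    for e in entries:
        users_per_fp[fingerprint(e["password"])].add(e["user"])

    report = {}
    for e in entries:
        domain = e["user"].rpartition("@")[2]
        if domain not in monitored:
            continue
        rec = report.setdefault(
            e["user"], {"hosts": set(), "fingerprints": set(), "shared_password": False}
        )
        fp = fingerprint(e["password"])
        rec["hosts"].add(e["host"])
        rec["fingerprints"].add(fp)
        if len(users_per_fp[fp]) > 1:
            rec["shared_password"] = True
    return report


def notification_lines(report):
    """One remediation line per affected account, without any plaintext secret."""
    lines = []
    for user in sorted(report):
        rec = report[user]
        hosts = ", ".join(sorted(rec["hosts"]))
        flag = " [password also seen for other accounts]" if rec["shared_password"] else ""
        lines.append(f"{user}: reset credentials and revoke sessions on {hosts}{flag}")
    return lines


if __name__ == "__main__":
    for line in notification_lines(triage(SAMPLE_LOG, {"example-corp.test"})):
        print(line)
```

Accounts outside the monitored domain (carol in the sample) are dropped so a triage team only handles the organization it is responsible for; the shared-password flag matters because the same credential seen under several accounts usually points to a default or reused password that a single reset will not fully contain.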
Operation Secure’s Immediate Impact and the Ongoing Threat
Following the operation, over 216,000 victims and potential victims were notified so they could take immediate action, like resetting passwords and removing unauthorized access. While these actions are essential in the short term, the evolving nature of infostealer malware poses a persistent challenge.
Cybercriminals continuously adapt, creating new variants of infostealers and refining their tactics. This makes it critical for organizations and individuals to go beyond basic hygiene practices. Threat Hunting, Dark Web Monitoring, and advanced detection methods are key to staying ahead of these threats.
Conclusion
The results of Operation Secure come on the heels of a broader trend of proactive law enforcement efforts worldwide. In 2024, several major cybercriminal networks were dismantled through coordinated international actions.
These operations not only take down infrastructure but also disrupt the financial and logistical networks that sustain cybercriminal enterprises. As Neal Jetton, INTERPOL’s Director of Cybercrime, stated, “Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”
