20,000 Asian IPs and Domains Dismantled in Infostealer Crackdown

Over 20,000 malicious IP addresses and domains linked to information stealers (infostealers) have been taken down in an operation against cybercriminal infrastructure in Asia.
On June 11, Interpol announced the results of Operation Secure, a regional initiative organized under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project.
The operation involved 25 Asian countries as well as Macau and Hong Kong, two autonomous regions of the People’s Republic of China (PRC), with the collaboration of three private sector partners, Group-IB, Kaspersky and Trend Micro.
The operation’s main results include:
- 20,642 IP addresses and domains taken down
- 41 servers and over 100GB of data seized
- $11,500 in cash, SIM cards and business registration documents seized
- 32 individuals arrested, including the suspected ringleader of a cybercriminal organization
- 216,058 notifications sent to potential victims
Coordinated Raids in Four Territories in Asia-Pacific
Ahead of the operation, Interpol cooperated with its private sector partners to produce cyber activity reports, sharing critical intelligence with cyber teams across Asia.
In a public statement sent to Infosecurity, Group-IB said that two of its teams, the Threat Intelligence team and the High-Tech Crime Investigations team, provided intelligence about infostealer malware, such as Lumma, Risepro and Meta Stealer.
This intelligence included user accounts compromised by the infostealers, the cybercriminals’ command-and-control (C2) infrastructure, as well as accounts linked to the dark web and Telegram used by the cybercriminals to advertise infostealer malware-as-a-service (MaaS) and sell stolen data.
The Hong Kong Police analyzed over 1700 pieces of intelligence provided by Interpol and identified 117 C2 servers hosted across 89 internet service providers.
“These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams,” said Interpol in a public statement.
From this intelligence, Interpol and ASPJOC coordinated a task force, dubbed Operation Secure, that conducted raids across four territories in the Asia-Pacific (APAC) region (Vietnam, Hong Kong, Sri Lanka and Nauru).
The Vietnamese police arrested 18 suspects, seizing devices from their homes and workplaces. The group’s leader was found with over VND300m ($11,500) in cash, SIM cards and business registration documents, indicating a scheme to open and sell corporate accounts.
House raids were also carried out by authorities in Sri Lanka and Nauru, leading to the arrest of 14 individuals – 12 in Sri Lanka and two in Nauru – as well as the identification of 40 victims.
Wave of Malware Infrastructure Takedowns
Neal Jetton, Interpol’s Director of Cybercrime, commented: “Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”
Dmitry Volkov, CEO of Group-IB, said he was “delighted” that his company had contributed to Operation Secure.
“The compromised credentials and sensitive data acquired by cybercriminals through infostealer malware often serve as initial vectors for financial fraud and ransomware attacks. By sharing actionable intelligence with Interpol and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks and protecting both organizations and individuals globally,” he added.
Authorities participating in Operation Secure under Interpol’s and ASPJOC’s leadership included Brunei, Cambodia, Fiji, Hong Kong (China), India, Indonesia, Japan, Kazakhstan, Kiribati, Korea (Rep of), Laos, Macau (China), Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu and Vietnam.
This operation follows a series of other law enforcement actions targeting cybercriminal infrastructure and groups, including those against Lumma, QakBot and DanaBot.