
A sophisticated international law enforcement operation has dismantled a major cybercrime network used to distribute data-stealing malware, with authorities seizing critical digital assets and arresting dozens of suspects.
Named Operation Secure, the coordinated campaign spanned 26 countries across the Asia-Pacific region and ran from January to April 2025. Spearheaded by INTERPOL under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) framework, the operation neutralized over 20,000 malicious IP addresses or domains, seized 41 servers, and collected over 100 gigabytes of forensic data.
What made this operation unique was the level of cross-sector collaboration. INTERPOL partnered with cybersecurity firms Group-IB, Kaspersky, and Trend Micro to create cyber activity reports and flag high-risk infrastructure before the operation. In total, authorities were able to disable 79% of the identified malicious IP addresses.
A growing cyber threat
The primary target of the operation was infostealer malware, a fast-growing cyber threat that covertly extracts browser credentials, passwords, crypto wallets, and financial information from infected devices. Once harvested, the stolen data often serves as a launchpad for ransomware attacks, business email compromise (BEC) schemes, and financial fraud.
“Infostealers act as the silent entry point for far more devastating cyber incidents,” said INTERPOL’s Director of Cybercrime, Neal Jetton. “Disrupting their infrastructure cuts off a critical supply chain for digital crime.”
Intelligence sharing and regional raids
Among the more notable contributions to Operation Secure, the Hong Kong Police alone processed more than 1,700 intelligence leads and identified 117 command-and-control servers operating across 89 internet service providers. These servers were operational hubs for phishing, social engineering, and fraud schemes.
Authorities in Vietnam arrested 18 individuals, including a suspected ringleader found with cash, SIM cards, and plans to sell fake corporate accounts.
Additional raids in Sri Lanka and Nauru resulted in 14 arrests. Both operations also identified 40 victims, highlighting the human toll of data theft operations.
Victim notification campaign
Operation Secure didn’t just result in arrests; authorities launched a large victim notification campaign and alerted more than 216,000 individuals and organizations potentially affected by the compromised data. Recipients were advised to take protective measures immediately, including changing passwords and securing financial accounts.
Long-term impact of Operation Secure
While cyber threats remain an enduring global challenge, Operation Secure shows what impact coordinated action can have.
“INTERPOL continues to support practical, collaborative action against global cyber threats,” said Group-IB CEO Dmitry Volkov. “By sharing actionable intelligence with INTERPOL and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks, and protecting both organizations and individuals globally.”