Introduction
Operation Secure represents a significant international effort to dismantle cybercriminal infrastructure, targeting over 20,000 malicious IP addresses and domains associated with infostealer malware [3] [4] [5] [6] [7]. This operation highlights the importance of global cooperation in combating cyber threats and showcases the collaborative efforts of law enforcement agencies and private sector partners.
Description
Operation Secure [1] [3] [4] [5] [6] [7] [9], a significant international operation against cybercriminal infrastructure [3], dismantled over 20,000 malicious IP addresses and domains linked to at least 69 variants of infostealer malware [8]. This malware is specifically designed to gain unauthorized access to organizational networks and extract sensitive data such as login credentials [2], passwords [2], and cryptocurrency wallet information [6]. The initiative [1] [4] [5] [7] [8] [9] took place from January to April 2025 [4] [5] [6] and involved law enforcement agencies from 26 countries in the Asia-Pacific region [6] [8], including Macau [1] [6] [9], Hong Kong [1] [4] [6] [9], and Singapore [2], where the Cybercrime Command and the Cyber Security Agency played key roles [2].
Organized under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project [3] [8], the operation underscored the increasing global cooperation in addressing cyber threats and was supported by private sector partners such as Group-IB, Kaspersky [1] [3] [4] [5] [6] [8] [9], and Trend Micro [1] [3] [4] [5] [6] [8] [9]. These firms collaborated with INTERPOL to produce detailed intelligence reports that provided crucial insights into various infostealer families, including Lumma [1] [6] [9], RisePro [1] [6] [9], and Meta Stealer [1] [6] [9]. The reports covered compromised user accounts and the command-and-control (C2) infrastructure used by cybercriminals [1] [9].
Key outcomes of Operation Secure included the takedown of 20,642 IP addresses and domains [1] [9], the seizure of 41 servers [1] [2] [3] [6] [9], and the collection of over 100 GB of data [2] [7]. Authorities arrested 32 individuals linked to illegal cyber activities [3] [4], including a suspected ringleader found in possession of significant cash, SIM cards [4] [6], and business registration documents [4], indicating involvement in creating and selling fraudulent corporate accounts [4]. The operation achieved a takedown rate of 79% for identified suspicious IP addresses and identified over 216,000 potential victims [3], with authorities sending 216,058 notifications to those at risk.
Intelligence sharing played a crucial role in the operation [9], with the Hong Kong Police analyzing over 1,700 pieces of intelligence [1], which led to the identification of 117 command-and-control servers across 89 internet service providers used for phishing, online fraud [1] [4], and social media scams [4]. Authorities conducted raids in Vietnam [9], Hong Kong [1] [4] [6] [9], Sri Lanka [1] [4] [6] [9], and Nauru [1] [4] [6] [9], leading to the arrest of 18 suspects in Vietnam and 14 in Sri Lanka and Nauru [9], along with the identification of 40 victims [6] [9].
Operation Secure demonstrated the effectiveness of collaborative intelligence sharing in disrupting malicious infrastructure and preventing harm to individuals and businesses [9]. This initiative is part of ongoing efforts to combat cybercriminal activities [9], following previous actions against threats like Lumma [9], QakBot [9], and DanaBot [9]. The operation included tracking down servers [5], mapping physical networks [5], and executing targeted takedowns [5], further highlighting the comprehensive approach taken to dismantle cybercriminal operations.
Conclusion
Operation Secure underscores the critical role of international collaboration in addressing the pervasive threat of cybercrime. By dismantling malicious infrastructure and apprehending key individuals [9], the operation mitigated potential harm to countless individuals and organizations. The success of this initiative sets a precedent for future operations, emphasizing the need for continued cooperation and intelligence sharing to effectively combat evolving cyber threats.
References
[1] https://ft365.org/index.php/2025/06/11/20000-asian-ips-and-domains-dismantled-in-infostealer-crackdown/
[2] https://www.straitstimes.com/singapore/over-1000-malicious-ip-addresses-in-singapore-taken-down-in-interpol-led-crackdown
[3] https://cybersecuritynews.com/operation-secure/
[4] https://www.helpnetsecurity.com/2025/06/11/operation-secure-cybercrime-infostealer-crackdown/
[5] https://itsecuritynewsbox.com/index.php/2025/06/11/infostealer-crackdown-operation-secure-takes-down-20000-malicious-ips-and-domains/
[6] https://cyberinsider.com/interpol-seizes-20000-infostealer-linked-assets-arrests-32-operators/
[7] https://hackread.com/operation-secure-interpol-disrupts-infostealer-domains/
[8] https://gbhackers.com/interpol-dismantles-20000-malicious-ips-and-domains-tied/
[9] https://www.infosecurity-magazine.com/news/interpol-operation-secure/