Introduction
Operation Synergia II [1] [2] [3] [4] [5] [6] [7] [8], conducted from April to August 2024 [2] [3] [8], marked a significant international effort to combat cybercrime, focusing on dismantling phishing networks, infostealing malware [7], and ransomware operations [4] [7]. This collaborative initiative involved law enforcement agencies from 95 countries and numerous private sector partners, resulting in substantial achievements in the fight against global cyber threats.
Description
Operation Synergia II [1] [2] [3] [4] [5] [6] [7] [8], conducted from April 1 to August 31, 2024 [1] [3] [6], resulted in a significant crackdown on phishing networks [7], infostealing malware [7], and ransomware [2] [4] [6] [7] [8], leading to the takedown of over 22,000 malicious servers and tens of thousands of malicious IP addresses linked to various cybercrime campaigns. This extensive operation involved law enforcement from 95 countries and private sector partners, including Kaspersky, Group-IB [1] [3] [4] [5] [6], Trend Micro [3] [4] [5], and Team Cymru [3] [4] [5], culminating in the arrest of 41 individuals [2] [3] [5] [8], with 65 others remaining under investigation [5]. Investigators assessed approximately 30,000 suspicious IP addresses [1] [6] [8], successfully dismantling 76% of them.
The operation underscored a substantial increase in ransomware attacks, estimated at about 70% globally, and identified phishing as the most prevalent technique for data theft and malware deployment [8], with advancements in generative artificial intelligence making phishing emails increasingly sophisticated and harder to detect [8]. Specific actions included the seizure of over 1,073 malicious servers in Hong Kong, 291 in Macau [1], and one server in Mongolia [4], along with 59 additional servers and 43 electronic devices, including laptops and mobile phones [5]. In Mongolia [1] [4] [7], authorities conducted searches at 21 locations, identifying 93 individuals linked to cybercriminal activities [7]. Madagascar authorities identified 11 individuals and confiscated 11 devices associated with malicious operations. In Estonia [1] [2] [7], more than 80 GB of server data was collected for analysis related to phishing and banking malware [1].
Additionally, the operation included the shutdown of the phishing-as-a-service platform 16shop [8], which had compromised over 70,000 users across 43 countries [8]. The first phase of the operation [6], conducted between September and November 2023 [6], resulted in 31 arrests and the identification of 1,300 suspicious IP addresses and URLs used for phishing [6], banking malware [1] [2] [6] [7] [8], and ransomware attacks [2] [3] [6] [8]. This operation highlighted the effectiveness of public-private partnerships in combating global cybercrime [1], with intelligence from private firms being utilized to track illegal activities and provide insights on malicious command and control servers and IoT malware distribution. Team Cymru also contributed to the effort by utilizing its Pure Signal internet telemetry data platform to research and locate malicious infrastructure, enhancing threat intelligence reports [1].
Conclusion
Operation Synergia II demonstrated the critical importance of international collaboration and public-private partnerships in addressing the growing threat of cybercrime. The operation’s success in dismantling significant portions of malicious infrastructure and apprehending key individuals highlights the potential for future operations to further mitigate cyber threats. Continued advancements in technology and intelligence sharing will be essential in adapting to the evolving landscape of cybercrime, ensuring that global efforts remain effective in safeguarding digital environments.
References
[1] https://securityboulevard.com/2024/11/interpol-operation-shuts-down-22000-malicious-servers/
[2] https://cybermaterial.com/interpol-takes-down-22000-ip-addresses/
[3] https://me.pcmag.com/en/security/26741/interpol-cybercrime-sweep-takes-down-22000-ip-addresses-arrests-41
[4] https://www.techzine.eu/news/security/126002/interpol-takes-down-thousands-of-malicious-ip-addresses-and-servers/
[5] https://www.infosecurity-magazine.com/news/global-operation-takes-down-22000/
[6] https://thehackernews.com/2024/11/interpols-operation-synergia-ii.html
[7] https://www.techradar.com/pro/interpol-says-it-disrupted-thousands-of-cybercrime-instances-in-major-operation
[8] https://www.siliconrepublic.com/enterprise/interpol-22000-servers-ip-cyber-threats-ransomware-phishing




