Digital graphic showing INTERPOL’s Operation SECURE achievements: 20,000 malicious assets dismantled, 32 arrests, and 41 server seizures across 26 countries.

Bangkok, June 2025 — INTERPOL has announced the successful culmination of Operation SECURE, a large-scale, multi-agency operation that significantly disrupted the global infrastructure behind infostealer malware. Conducted between January and April 2025, the initiative combined intelligence, law enforcement, and private sector collaboration to dismantle more than 20,000 malicious IP addresses and domains linked to 69 different infostealer malware variants.

Targeting the Digital Roots of Cybercrime

The coordinated operation mobilized cybercrime units from 26 countries across the Asia and South Pacific region, resulting in:

  • Takedown of 79% of identified suspicious IP addresses
  • Seizure of 41 physical servers and over 100 GB of digital evidence
  • Arrest of 32 suspects involved in cyber-enabled criminal networks

Significant actions included 18 arrests in Vietnam, along with the confiscation of digital devices, SIM cards, forged business documents, and over $11,500 in illicit cash. Additional operations led to the detention of 12 individuals in Sri Lanka and 2 in Nauru, following targeted raids.

In Hong Kong, law enforcement traced and disrupted 117 command-and-control (C2) servers spread across 89 internet service providers, which were being used to coordinate large-scale phishing campaigns, financial fraud, and social engineering attacks.

“These coordinated efforts mark a significant blow to cybercriminal ecosystems leveraging infostealer malware,” said INTERPOL in its official statement. “Operation SECURE is proof that collective, cross-border action can lead to meaningful disruption.”

Infostealers: A Gateway to Ransomware and Fraud

Infostealers have emerged as a prime enabler of today’s cybercrime economy. Sold on darknet markets as malware-as-a-service (MaaS), these tools silently siphon browser-stored passwords, cookies, credit card details, and cryptocurrency wallet data from infected devices. The stolen credentials are then sold on underground forums, enabling secondary attacks such as:

  • Ransomware deployments
  • Business Email Compromise (BEC)
  • Data breaches and account takeovers

Private-sector threat intelligence partners played a vital role in the operation. Group-IB, headquartered in Singapore, shared critical data on user accounts compromised by malware strains such as Lumma, RisePro, and MetaStealer. CEO Dmitry Volkov emphasized that this data is often the first link in the chain of escalating cyberattacks.

Trend Micro contributed threat telemetry that spotlighted Vidar, Lumma Stealer, and Rhadamanthys as among the most active malware families during the operation, while Kaspersky provided intelligence on stealer distribution networks and C2 infrastructure.

Cyber Command, Capacity Building, and Strategic Alliances

The operational component of the initiative culminated with a high-level meeting in Bangkok, co-hosted by the Royal Thai Police and supported by the Hong Kong Police Force, with financial backing from the UK Foreign, Commonwealth and Development Office (via ASPJOC) and the Council of Europe (via GLACY-e).

Over 75 cyber experts from 22 countries participated in:

  • A Cyber Command Course led by the Hong Kong Police
  • A table-top simulation to test real-time incident response
  • An Operation Coordination Meeting to align tactical responses and future collaboration

Attendees also included representatives from the World Economic Forum, UNODC, and eight leading cybersecurity and tech companies: Group-IB, Kaspersky, Fortinet, Mastercard, Trend Micro, Binance, Accenture Security, and Microsoft.

A Blueprint for Future Cybercrime Disruption

Operation SECURE represents a model for proactive, intelligence-driven cyber enforcement. It comes on the heels of other major global crackdowns, including the recent takedown of 2,300 domains linked to Lumma Stealer and the October 2024 disruption of RedLine and MetaStealer infrastructures.

With infostealers continuing to fuel the underground economy and facilitate large-scale breaches, this operation reinforces the necessity of cross-border data sharing, law enforcement readiness, and public-private partnerships.