Interpol: Cybercrime Disruption Operation Leads to 41 Arrests

Interpol has disclosed a law enforcement operation that it led earlier this year, which targeted more than 22,000 malicious IP addresses and hundreds of servers linked to various phishing, ransomware and information stealer campaigns. The operation, which was called Operation Synergia II, took place between April and August and led to 41 arrests.

By the Numbers:

• The operation involved law enforcement agencies from 95 different countries

• The operation led to the arrest of 41 individuals, with 65 others still under investigation

• Overall, 30,000 suspicious IP addresses were identified - and of those, 76 percent were taken down and 59 servers were seized

• Law enforcement seized 43 electronic devices (like laptops, mobile phones and hard disks)

• Police in Hong Kong took down 1,037 servers that were linked to malicious services

Why It Matters: Operation Synergia II follows a law enforcement campaign led by Interpol between September and November 2023, which identified 1,300 suspicious IP addresses and URLs and detained 31 individuals. 

This more recent operation, announced by Interpol on Tuesday, gives us a glimpse into the behind-the-scenes activities around how public and private sector forces are working together to disrupt cybercrime. When carrying out the operation, Interpol said it prioritized the targeting of servers and individuals linked to phishing, ransomware and infostealer campaigns. Interpol worked with private sector companies, including Group-IB, Trend Micro, Kaspersky and Team Cymru, in order to identify thousands of malicious servers.

“Interpol shared this information with participating law enforcement agencies, which conducted preliminary investigations leading to a series of coordinated actions, including house searches, disruption of malicious cyber activities, and lawful seizures of servers and electronic devices,” according to Interpol in a statement.

Interpol’s statement also gives some insight into the international breadth of these types of operations - several countries played different parts. For example: Police in Mongolia searched 21 houses, seized a server and identified 93 people with links to cybercriminal activities, while authorities in Madagascar identified 11 people with links to malicious servers and seized 11 electronic devices for further investigation. 

The Big Picture: International collaboration between law enforcement agencies and private sector companies is helping to bolster these types of operations. In October, for instance, Europol announced it had worked with 12 countries and Eurojust to disrupt the LockBit ransomware group with arrests, server seizures and sanctions.