Infostealer Takedown Sees Servers Seized, 32 Arrested

share
Header image

Infostealer Takedown Sees Servers Seized, 32 Arrested

share

INTERPOL-led operation also sees 216,000 victims informed of infection.

More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down.


During Operation Secure, which was led by INTERPOL and took place between January and April 2025,  law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns.


Participating countries reported the seizure of 41 servers and over 100 GB of data, as well as the arrest of 32 suspects linked to illegal cyber activities and the takedown of 79 percent of the identified suspicious IP addresses.


Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action - such as changing passwords, freezing accounts, or removing unauthorised access.


Neal Jetton, INTERPOL’s director of cybercrime, said: “INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”


“We are delighted to have contributed to Operation Secure, and equally grateful to INTERPOL and local law enforcement agencies in apprehending these cybercriminals,” said Dmitry Volkov, CEO of Group-IB. “The compromised credentials and sensitive data acquired by cyber-criminals through infostealer malware often serve as initial vectors for financial fraud and ransomware attacks.

"By sharing actionable intelligence with INTERPOL and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks, and protecting both organizations and individuals globally.” 




Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Malware Published: 11 June Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Medical device threats increasingly disrupt healthcare systems

Medical device threats increasingly disrupt healthcare systems

 Zero Click Attacks: The Risk To Business

Zero Click Attacks: The Risk To Business

 Infostealers: Addressing a rising threat to UK businesses

Infostealers: Addressing a rising threat to UK businesses
Italian consultant targeted by Paragon spyware

Italian consultant targeted by Paragon spyware

 Industrial Sector Subjected to Advanced Zipline Phishing Campaign

Industrial Sector Subjected to Advanced Zipline Phishing Campaign

 Scaly Wolf APT Conducts Cyberespionage Against Russian Engineering Firm

Scaly Wolf APT Conducts Cyberespionage Against Russian Engineering Firm
Multiple Payloads Distributed by CastleBot MaaS Platform

Multiple Payloads Distributed by CastleBot MaaS Platform