Global INTERPOL Op Dismantles 22,000 Cyberattack-Related IP Addresses

• Operation Synergia II took down over 22,000 IPs linked to cyberattacks of the identified 30,000 suspicious ones.
• Interpol’s global action involved the seizure of approximately 60 servers connected to cyber threats.
• The operation resulted in the arrest of 41 individuals suspected of being involved in administrating these servers.

INTERPOL's latest global initiative, Operation Synergia II, has successfully dismantled over 22,000 malicious IP addresses and servers linked to pervasive cyber threats. This operation specifically targeted phishing, ransomware, and information stealers, underscoring the operation's comprehensive approach to tackling these prominent cyber threats.

INTERPOL collaborated with private sector partners—Group-IB, Trend Micro, Kaspersky, and Team Cymru—and law enforcement agencies from 95 member countries. 

This extensive cooperation from April 1 to August 31, 2024, facilitated the identification of approximately 30,000 suspicious IP addresses, with a remarkable 76% being taken offline alongside the seizure of 59 servers. Authorities also confiscated 43 electronic devices, including laptops and mobile phones, which are critical in ongoing investigations.

The operation resulted in the arrest of 41 individuals and left 65 others under investigation. Among the countries actively participating, Hong Kong (China) took offline over 1,037 servers, while Mongolia's efforts included 21 house searches and the identification of 93 individuals connected to illegal cyber activities. 

Macau (China) contributed by deactivating 291 servers, and Madagascar's authorities identified 11 individuals linked to malicious servers. In Estonia, police seized over 80GB of server data for further analysis, focusing on phishing and banking malware.

Operation Synergia II's success highlights the need for a unified global response to cybercrime's evolving nature. The operation not only dismantled infrastructure but also prevented countless potential victims from falling prey to cybercriminals. INTERPOL's commitment to uniting diverse member countries showcases a robust defensive strategy against transnational cyber threats.

The operation prioritized three critical cybercrime categories: phishing, infostealers, and ransomware.

The most widely reported technique for initial system access, phishing facilitates data theft, malware deployment, and unauthorized system navigation. The rise of Generative AI has enabled cybercriminals to craft more sophisticated, multilingual phishing emails, complicating detection efforts.

Infostealers infiltrate systems to extract sensitive data, including login credentials and financial information. Infostealers have seen increased use in ransomware attacks, with a 40% rise in the sale of stolen logs on the deep and dark web in 2023 alone.

With a global increase of 70% in ransomware attacks across various industries in 2023, the threat continues to expand, affecting more sectors and geographies.

In May, an internationally coordinated operation disabled several global malware droppers that facilitated cyberattacks, resulting in the arrest of four people and more than 100 internet servers taken down or disrupted in Europe, the UK, the US, and elsewhere.