Interpol Cracks Down on Infostealers in Asia: 32 Arrested, 20,000 IPs Taken Down, 216,000 Victims Notified

Lyon, France — INTERPOL has announced the successful conclusion of Operation Secure, a multi-national cybercrime initiative targeting infostealer malware operations across Asia. The four-month operation, which ran from January to April 2025, resulted in the takedown of over 20,000 malicious IP addresses and domains, the arrest of 32 individuals, and the notification of more than 216,000 affected victims.

Conducted in collaboration with law enforcement agencies from over 25 countries, the operation was supported by leading cybersecurity firms including Kaspersky, Group-IB, and Trend Micro. Together, they dismantled infostealer infrastructure and investigated cybercriminals responsible for stealing vast amounts of personal and financial data from victims worldwide.

Key outcomes of the operation include:

  • 20,000+ IP addresses and domains linked to infostealer activity taken offline
  • 41 servers seized
  • Over 100 gigabytes of illicit data captured
  • 32 arrests made, including 18 in Vietnam, and 14 across Sri Lanka and Nauru
  • More than 216,000 victims notified and advised on mitigation steps

In one notable case, Vietnamese authorities arrested the alleged ringleader of a cybercrime group found in possession of over $11,000 in cash, SIM cards, and business registration documents—indicating involvement in the sale of stolen corporate account credentials.

In Hong Kong, police identified 117 command-and-control (C&C) servers distributed across nearly 90 internet service providers (ISPs), highlighting the scale and complexity of the network behind infostealer malware.

Infostealers are a class of malware designed to harvest sensitive data from compromised systems, including login credentials, payment card details, and cryptocurrency wallet information. These stolen assets are often sold on the dark web or used in further cyberattacks.

According to Kaspersky, Operation Secure targeted nearly 70 different infostealer variants. Group-IB focused on malware families such as Lumma, RisePro, and META Stealer, while Trend Micro investigated strains including Vidar, Lumma Stealer, and Rhadamanthys—described by the company as among the “most prominent infostealer families detected in this operation.”

The announcement comes just weeks after global law enforcement agencies, in collaboration with Microsoft, disrupted the infrastructure supporting the Lumma Stealer malware.

Authorities emphasized that public-private cooperation remains crucial in combating evolving cyber threats. Victims identified during the operation were urged to reset passwords, monitor accounts for suspicious activity, and adopt strong cybersecurity hygiene practices.


Excerpts from article on SecurityWeek by Eduard Kovacs
