20,000 Asian IP Addresses and Domains Neutralized in Infostealer Operation
Over 20,000 malicious IP addresses and domains linked to information stealers (infostealers) have been dismantled in a significant operation targeting cybercriminal infrastructure across Asia.
On June 11, Interpol announced the successful results of Operation Secure, a collaborative initiative under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project. This operation involved the coordinated efforts of 25 Asian countries as well as the autonomous regions of Macau and Hong Kong, in partnership with leading cybersecurity firms Group-IB, Kaspersky, and Trend Micro.
The operation yielded impressive outcomes, including:
– 20,642 IP addresses and domains taken down
– 41 servers and over 100GB of data seized
– $11,500 in cash, along with SIM cards and business registration documents confiscated
– 32 individuals arrested, including a suspected ringleader of a cybercriminal organization
– 216,058 notifications sent to potential victims
Coordinated raids were executed in four territories within the Asia-Pacific region: Vietnam, Hong Kong, Sri Lanka, and Nauru. Prior to the operation, Interpol collaborated with its private sector partners to produce cyber activity reports, disseminating crucial intelligence to cyber teams throughout Asia. Group-IB’s Threat Intelligence and High-Tech Crime Investigations teams provided essential insights into infostealer malware, including variants like Lumma, Risepro, and Meta Stealer.
This intelligence encompassed data on compromised user accounts, the cybercriminals’ command-and-control (C2) infrastructure, and accounts associated with the dark web and Telegram, which were used to promote malware-as-a-service (MaaS) and sell stolen data.
The Hong Kong police analyzed over 1,700 pieces of intelligence relayed by Interpol, identifying 117 C2 servers hosted by 89 internet service providers. These servers functioned as central hubs for launching and managing malicious activities, including phishing, online fraud, and social media scams.
From this intelligence, Interpol and ASPJOC formed a task force to conduct Operation Secure, leading to extensive law enforcement actions. The Vietnamese police arrested 18 individuals and confiscated various devices from their premises. The group’s leader was apprehended with VND300 million (approximately $11,500) in cash, SIM cards, and business registration documents, indicating illicit business activities.
Further house raids in Sri Lanka and Nauru resulted in the arrest of an additional 14 suspects (12 in Sri Lanka and 2 in Nauru) and the identification of 40 victims.
Neal Jetton, Interpol’s Director of Cybercrime, emphasized the operation’s success as a testament to the importance of intelligence sharing in disrupting malicious networks and preventing significant harm to both individuals and organizations. Dmitry Volkov, CEO of Group-IB, expressed pride in his company’s contribution, highlighting that the sensitive data and compromised credentials acquired through infostealer malware often act as initial vectors for financial fraud and ransomware attacks. By cooperating with law enforcement, they are dismantling the infrastructure facilitating these cyber threats and safeguarding entities worldwide.
Participating authorities in Operation Secure included Brunei, Cambodia, Fiji, Hong Kong (China), India, Indonesia, Japan, Kazakhstan, Kiribati, Korea (Rep. of), Laos, Macau (China), Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu, and Vietnam.
This operation is part of a broader series of enforcement actions against cybercriminal infrastructures and operations, which also targeted threats such as Lumma, QakBot, and DanaBot.