Interpol recently disclosed the success of a coordinated operation targeting information-stealing malware, carried out in collaboration with law enforcement agencies across several Asian nations. The operation successfully blocked up to 20,000 IP addresses—representing 79% of the total infrastructure used by the malware.
Conducted between January and April 2025, the crackdown resulted in the seizure of 41 servers and over 100GB of data. However, Interpol has refrained from naming any specific cybercriminals or groups involved, stating only that investigations are underway into 69 malware variants.
Vietnamese authorities played the most active role in the operation, arresting 18 suspects, including an individual believed to be a key figure within the criminal network. At the time of arrest, the suspect was found in possession of $11,500 in cash, multiple SIM cards, and business registration documents—suspected to have been used for establishing shell companies to facilitate fraudulent schemes.
In Sri Lanka, police acted on intelligence to raid several residences, resulting in the arrest of 12 suspects. Nauruan authorities apprehended 2 individuals during a similar raid. All detainees are currently in custody pending further interrogation.
The Hong Kong Police Force also played a critical role in the operation. Although the suspects were not located in Hong Kong, local authorities analyzed 1,700 intelligence reports provided by Interpol, identifying 117 command-and-control (C2) servers hosted by 89 different ISPs. These servers were allegedly used by threat actors to issue malicious commands and exfiltrate stolen data.
As the investigation remains ongoing, both Interpol and participating national agencies have withheld further details. Additional information is expected to be released upon the conclusion of the inquiry.