An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns.
Led by Interpol and conducted from January to April 2025, the operation focused on disrupting infostealer malware groups that steal financial and personal data through widespread infections.
The data stolen by infostealers commonly includes account credentials, browser cookies, and cryptocurrency wallet details. This data is then compiled into "logs" and sold on cybercrime markets or used in targeted attacks against high-value victims.
The results of Operation Secure are significant:
Over 20,000 malicious IPs/domains linked to infostealers were taken down
41 servers supporting infostealer operations were seized
32 suspects were arrested
100 GB of data was confiscated
216,000 victims were notified
The authorities also identified a large cluster of 117 servers in Hong Kong that were used as command-and-control (C2) infrastructure for phishing, online fraud, and social media scam operations.