In a major success in the fight against cybercrime, INTERPOL today announced that it had identified a botnet of some 20,000 bots in ransomware attacks across the world.
Assuming the cooperation of operations of 25 countries, Operation Secure, which lasted four months from January 2025 to April 2025, resulted in 41 server seizures, more than 100 GB of data which translated to over 400,000 child victims; and 32 arrests globally.
Organised under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project, this major operation demonstrates the importance of international collaboration and public-private partnership to fight cyber threats that are constantly growing and changing.
In advance of the operation, INTERPOL collaborated closely with private-sector cybersecurity companies such as Group-IB, Kaspersky and Trend Micro to develop key intelligence which resulted in targeted takedowns to remove 79% of identified suspicious IP addresses.
Information stealer malware is’ the leading backdoor related to gaining unauthorized network access, explicitly created to steal sensitive information like credentials, passwords, credit card details, and cryptocurrency wallet data.
These compromised “logs” are often bought and sold on the cybercriminal underground, acting as the first point of entry-point into more sophisticated attacks such as ransomware deployments, data breaches, and business email compromise (BEC) schemes.
Moving forward, Some important takeaways from Operation Secure are relevant:
Increased International Cooperation: The result of the operation illustrates the power of jurisdictions working together, an essential facet of dismantling global cybercrime networks that take advantage the internet’s borderless environment.
The Importance of Public-Private Partnerships: Working with cybersecurity companies was critical to furnishing actionable intelligence that enabled law enforcement to quickly identify and dismantle malicious infrastructure.
Takedown of Cybercriminal Operations: We removed malicious IPs and servers through Operation Secure to eliminate the control being exercised by cyber criminals on exploited computers, thereby preventing widespread damage to individuals and businesses.
Proactive Victim Notification: In the aftermath of the operation, law enforcement notified more than 216,000 potential victims, and notified those victims of steps they can take to prevent future fraud, such as by changing account passwords and freezing accounts.
INTERPOL’s Director of Cybercrime, Neal Jetton underlined the commitment to continued operations: “Operation Secure has demonstrated yet again the strength of collaboration in intelligence sharing to disrupt malicious infrastructure and prevent significant harm to both corporate and individual victims.”
This operation is a stark reminder of the continued threat posed by infostealers and the importance of strong, cooperative defenses against these threats.
