INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

A global law enforcement operation called Operation Synergia II dismantled over 22,000 malicious IPs linked to phishing, infostealers, and ransomware, INTERPOL said.

INTERPOL announced this week it took down more than 22,000 malicious servers linked to cybercriminal activities as part of a global operation code-named Operation Synergia II.

Operation Synergia II was a collaborative effort by INTERPOL, private sector partners, and 95 countries that targeted phishing, ransomware, and infostealers from April to August 2024.

“Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized. Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized. The operation led to the arrest of 41 individuals, with 65 others still under investigation,” reads the press release published by INTERPOL.

In Operation Synergia II, INTERPOL and partners like Group-IB, Trend Micro, Kaspersky, and Team Cymru identified thousands of malicious servers. Law enforcement agencies from different countries participating in the operation used this data to conduct searches, disrupt cyber activities, and seize servers and devices.

Countries in Operation Synergia II took significant actions against cybercrime:

  • Hong Kong: Disabled over 1,037 malicious servers.
  • Mongolia: Conducted 21 searches, seized a server, and identified 93 suspects.
  • Macau: Took 291 servers offline.
  • Madagascar: Identified 11 suspects and seized 11 devices.
  • Estonia: Seized over 80GB of server data for INTERPOL-assisted analysis.

These efforts aimed to dismantle networks supporting phishing, ransomware, and malware.

“The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II. Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” said Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate. “INTERPOL is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place.”

Operation Synergia II follows the first phase, which ran from September to November 2023 and involved law enforcement agencies from 50 countries.

The international law enforcement operation was launched to curb the escalation and professionalisation of transnational cybercrime.

During that first phase, authorities detained 31 individuals, 26 of whom were in Europe, and identified an additional 70 suspects. Four people were arrested in South Sudan and Zimbabwe.

The law enforcement agencies identified more than 1,300 suspicious IP addresses associated with C2 servers, 70% of which have been taken down. Most of the C2 servers taken down were in Europe, while other servers were taken down in Hong Kong (153) and Singapore (86).


Pierluigi Paganini

(SecurityAffairs – hacking, INTERPOL)