Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
[Singapore; 11 June, 2025] Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has contributed to INTERPOL’s “Operation Secure”, which took down the infrastructure linked to information stealers (infostealers) in Asia that claimed more than 216,000 potential victims. The operation, which was conducted from January to April 2025, resulted in the arrest of 32 suspects, taking down more than 20,000 malicious IP addresses and domains, and the seizure of 41 servers containing over 100GB of data that were linked to the cybercriminal activities.
During the course of Operation Secure, Group-IB’s Threat Intelligence team and High-Tech Crime Investigations team monitored and provided mission-critical intelligence about the user accounts compromised by the infostealer malware—such as Lumma, Risepro, META Stealer—as well as the cybercriminals’ command-and-control (C2) infrastructure, and accounts linked to the dark web and Telegram that were used by the cybercriminals to advertise infostealer malware-as-a-service, and selling stolen data.
As part of the operation, Vietnamese police arrested 18 suspects, including its leader, and seized over VND$300 million in cash, SIM cards, and business registration documents that indicated a scheme to establish and sell corporate accounts.
In Sri Lanka and Nauru, house raids were conducted by local law enforcement agencies that arrested 14 suspects—12 in Sri Lanka and 2 in Nauru—and the identification of 40 victims in total.
Through the information shared by INTERPOL, the Hong Kong Police Force analysed over 1,700 pieces of intelligence and identified 117 command-and-control (C2) servers hosted across 89 internet service providers, which were used by cybercriminals to launch and manage phishing, online fraud, and social media scams.
“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses”, said Neal Jetton, INTERPOL’s Director of Cybercrime.
“We are delighted to have contributed to Operation Secure, and equally grateful to INTERPOL and local law enforcement agencies in apprehending these cybercriminals,” said Dmitry Volkov, CEO of Group-IB. “The compromised credentials and sensitive data acquired by cybercriminals through infostealer malware often serve as initial vectors for financial fraud and ransomware attacks. By sharing actionable intelligence with INTERPOL and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks, and protecting both organizations and individuals globally.”
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
