INTERPOL Takes Down Over 20,000 Malicious IPs Tied to 69 Malware Variants in Operation Secure

On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation, codenamed Operation Secure, was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.

According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.

INTERPOL Disrupts Over 20,000 Malicious IP Addresses in Operation Secure

On June 11, 2025, INTERPOL announced a significant crackdown on cybercrime, revealing the dismantling of more than 20,000 malicious IP addresses linked to 69 variants of information-stealing malware. The initiative, termed Operation Secure, involved a coordinated effort from law enforcement agencies across 26 countries. Conducted between January and April 2025, the operation aimed to identify malicious servers, map associated physical networks, and carry out targeted takedowns of illicit operations.

According to INTERPOL’s statement, these collaborative efforts led to the disruption of 79 percent of the identified suspicious IP addresses. Authorities confiscated 41 servers containing critical data exceeding 100 GB, while 32 individuals were arrested in connection with various cyber offenses. Among these, Vietnamese authorities made significant strides, apprehending 18 suspects and seizing devices, SIM cards, business registration documents, and cash totaling $11,500. Further investigations, including house raids, resulted in the capture of an additional 12 individuals in Sri Lanka and two in Nauru.

The coordinated strike highlights the growing global response to the pervasive threat of cybercrime, particularly the exploitation of information-stealing malware that targets personal and organizational data. Operation Secure underscores the necessity for robust cybersecurity measures and the importance of international cooperation in combating these malicious activities.

As for the tactics and techniques of the adversaries involved, several from the MITRE ATT&CK Framework may have been in play. Initial access techniques, such as phishing and exploiting software vulnerabilities, could have facilitated the deployment of the malware. Once inside targeted systems, adversaries might have employed persistence tactics to maintain their presence, ensuring continuous access to sensitive information.

Moreover, privilege escalation techniques could allow cybercriminals to gain elevated access to the systems, enabling more extensive data theft. By mapping out the physical networks, law enforcement was able to address how these malware variants proliferated and whom they were targeting, further empowering the collective effort to dismantle these criminal infrastructures.

The outcome of Operation Secure serves as a reminder to business owners about the critical need for vigilance and proactive cybersecurity measures. With the evolution of cyber threats, understanding potential tactics and implementing robust defense mechanisms is imperative to safeguarding sensitive data against increasingly sophisticated attacks. As this operation demonstrates, collaborative international efforts may serve as a beacon of hope in the ongoing battle against cybercrime, yet the responsibility also lies with organizations to fortify their defenses in a shared digital landscape.
