To contribute to global efforts to combat cybercrime, Kaspersky has assisted INTERPOL in its latest operation, Operation Secure, which focused on disrupting the infostealer threat and taking down infrastructure hosting such malware. The operation brought together law enforcement agencies from 26 participating countries and INTERPOL’s private sector partners, resulting in the arrest of over 30 suspects linked to cybercrimes involving infostealing malware and the takedown of over 20,000 malicious IP addresses or domains.
An infostealer is a type of malware designed to extract valuable user data, including financial information, credentials or cookies. The harvested data is compiled into log files and then distributed by cybercriminals within the dark web underground community. According to data from the Kaspersky Digital Footprint Intelligence team, nearly 26 million devices running Windows were infected with various types of infostealers in 2023-2024. On average, every 14th infostealer infection results in stolen credit card information.
Running from January 2025 to April 2025, the operation intended to accurately pinpoint and disrupt infostealer-linked malicious cyber activities by locating servers, mapping physical networks and executing targeted takedowns. The operation was supported by INTERPOL’s private partners, including Kaspersky, which shared data on malicious infrastructures involved in controlling or distributing infostealing malware, including data on the malware command and control (C&C) servers.
In total, the operation investigated nearly 70 infostealer variants and 26,000 associated IPs and domains, with law enforcers seizing over 40 servers involved. Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action - such as changing passwords, freezing accounts or removing unauthorized access.
Operation Secure highlights:
- In Sri Lanka and Nauru, as part of respective enforcement efforts, house raids were carried out by authorities. These actions led to the arrest of 14 individuals - 12 in Sri Lanka and two in Nauru - as well as the identification of 40 victims.
- In Vietnam, police arrested 18 suspects, seizing devices from their homes and workplaces. The group's leader was found with over VND 300 million ($11,500) in cash, SIM cards and business registration documents, pointing to a scheme to open and sell corporate accounts.
- In Hong Kong, police analyzed over 1,700 pieces of intelligence provided by INTERPOL and identified 117 command-and-control servers hosted across 89 internet service providers. These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams.
Neal Jetton, INTERPOL’s Director of Cybercrime, said:
“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”
“Cyberthreats know no borders and neither should international cooperation. As front-line defenders, private companies span real-life data on cyberthreats and sharing this data with law enforcement helps put an ultimate end to threats propagation. Global cybersecurity is a shared responsibility and Kaspersky commends the convening role that INTERPOL plays in bringing together the stakeholders whose contribution is required for creating a safer digital world,” comments Yuliya Shlychkova, Vice President, Global Public Affairs, Kaspersky.
The infostealer threat has recently been gaining momentum, with Kaspersky Digital Footprint Intelligence continuously monitoring the dark web to detect compromised credentials, raise awareness of the threat and share strategies for mitigating associated risks.
If a data leak caused by infostealing malware is detected, the following steps should be taken immediately:
- Act promptly if you suspect your bank card details are leaked: monitor bank notifications, reissue the card and change your bank app or website password. Enable two-factor authentication and other verification methods. If account and balance details are leaked, be extra vigilant against phishing emails, fraudulent SMS and calls. Cybercriminals might consider you a victim for targeted attacks based on this information. Contact your bank directly in unclear situations.
- Change compromised account passwords and monitor for suspicious activity associated with those accounts.
- Run full security scans on all devices, removing any detected malware.
- With infostealers targeting both personal and corporate devices, companies are recommended to monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees. A detailed guide on setting up monitoring can be found here.