Cyber operation led by INTERPOL dismantles 45,000+ malicious IP addresses
Beyond the takedowns, the operation highlighted the diversity of cybercrime tactics now in use.
An INTERPOL-coordinated operation targeting phishing, malware, and ransomware infrastructure has resulted in the takedown of more than 45,000 malicious IP addresses and servers.
Law enforcement agencies from 72 countries and territories participated in Operation Synergia III (from 18 July 2025 to 31 January 2026). The operation resulted in 94 arrests, with 110 additional individuals under investigation. A total of 212 electronic devices and servers were seized.
During the operation, INTERPOL processed threat data into actionable intelligence, facilitated cross-border coordination, and provided tactical operational support to participating countries. Preliminary investigations informed a series of coordinated national actions, including searches of identified locations and the disruption of malicious cyber infrastructure.
Several investigations remain ongoing. Preliminary case reports illustrate the range of criminal methods. For instance, in Macau, China, law enforcement identified more than 33,000 phishing and fraudulent websites impersonating casinos, banks, government portals, and payment services.
The sites were used to collect payments via fraudulent top-up mechanisms or to harvest users’ personal and financial data.
In Togo, police arrested 10 suspects operating from a residential location. The group’s activities included unauthorised access to social media accounts and social engineering schemes such as romance fraud and sextortion.
After compromising accounts, suspects contacted the account holder’s connections, impersonating the original user to initiate fraudulent relationships or solicit money transfers from secondary victims.
In Bangladesh, police arrested 40 suspects and seized 134 electronic devices linked to a range of schemes, including fraudulent loan and employment offers, identity theft, and credit card fraud.
INTERPOL collaborated with private sector partners Group-IB, Trend Micro, and S2W to monitor illicit cyber activity and identify malicious servers during the operation.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!