Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdown

Interpol has taken down more than 40,000 malicious IP addresses and servers as part of an international cyber crime operation targeting phishing, malware and ransomware activities.

Law enforcement bodies from 72 countries and territories took part in Operation Synergia III between July 2025 and the end of January this year, with 94 people arrested and another 110 still under investigation.

In all, 45,000 malicious IP addresses were taken down and 212 electronic devices and servers were seized.

“Cyber crime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve," said Neal Jetton, director of Interpol's Cybercrime Directorate.

"Interpol remains at the forefront of this fight, uniting law enforcement agencies and private sector experts to dismantle criminal networks, disrupt emerging threats and protect victims around the world.”

As investigations are still ongoing, some details are under wraps. However, the results include the identification of more than 33,000 phishing and fraudulent websites in Macau, China, related to fake casinos and critical infrastructure, such as official bank, government and payment service sites.

Victims are defrauded by topping up their accounts via the fraudulent sites, or by having their personal information and credit card details stolen.

Police in Togo, meanwhile, arrested 10 suspects operating a fraud ring from a residential area. Some specialized in technical crimes such as hacking social media accounts while others carried out social engineering schemes including romance scams and sextortion.

In Bangladesh, police arrested 40 suspects and seized 134 electronic devices related to a wide range of cyber crime schemes, including loan and job scams, identity theft, and credit card fraud.

Hot on the heels of Tycoon 2FA takedown

The operation follows the disruption last week of the the massive phishing as a service (PhaaS) platform, Tycoon 2FA.

This saw threat actors use adversary in the middle (AitM) proxying to bypass traditional multi-factor authentication (MFA) and capture session cookies in real time, leading to large-scale account compromise.

In an international operation, 330 domains were seized, including parts of the core infrastructure, such as phishing pages and control panels.

Much like that action, Operation Synergia III was carried out in collaboration with a number of private sector organizations, including Trend Micro.

“This kind of international operation highlights the value of close collaboration between law enforcement and the cybersecurity community. Behind every malicious server or phishing kit sits a wider criminal ecosystem that needs to be mapped and understood before arrests become possible," said Robert McArdle, director of cybercrime research at Trend Micro business unit TrendAI.

"Our support for investigations such as Tycoon 2FA, and contributions to operations like this one led by Interpol, demonstrates how actionable threat intelligence can help authorities identify infrastructure, connect actors and disrupt cyber criminal networks at scale.”

FOLLOW US ON SOCIAL MEDIA

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.