
In a coordinated international operation, INTERPOL has arrested 306 suspects and seized 1,842 electronic devices in a sweeping crackdown on cross-border cybercrime. The operation, spanning multiple countries, targeted ransomware groups, phishing networks, and financial fraud syndicates leveraging advanced evasion techniques.
Operation Details and Key Findings
The operation, led by INTERPOL’s Cybercrime Directorate, involved law enforcement agencies from 58 countries. Among the seized devices were servers used for command-and-control (C2) infrastructure, cryptocurrency wallets linked to ransomware payments, and spoofed domains used in phishing campaigns. Forensic analysis revealed ties to known advanced persistent threat (APT) groups and financially motivated cybercriminal networks.
Targeted Cybercrime Tactics
Investigators identified the use of Cobalt Strike beacons, Malleable C2 profiles, and DNS-over-HTTPS (DoH) for stealthy communications. The arrests included operators of ransomware-as-a-service (RaaS) platforms and developers specializing in malware obfuscation techniques. Notably, several suspects were linked to recent business email compromise (BEC) attacks targeting multinational corporations.
Global Impact and Ongoing Efforts
INTERPOL confirmed the operation disrupted at least 15 active cybercrime campaigns, including those exploiting Microsoft Exchange vulnerabilities. The agency’s Financial Crime Unit traced over $50 million in illicit proceeds through blockchain analysis. While this represents a significant blow to cybercriminal operations, INTERPOL warns that threat actors are rapidly adapting, with increased adoption of AI-driven social engineering and fileless malware.
For more details on INTERPOL’s cybercrime initiatives, refer to their official announcements.