Ransomware-Linked IPs

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs.

The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime."

Involving 60 law enforcement agencies spanning 55 member countries, the exercise paved the way for the detection of more than 1,300 malicious servers, 70% of which have already been taken down in Europe. Hong Kong and Singapore authorities took down 153 and 86 servers, respectively.

Servers, as well as electronic devices, were confiscated following over 30 house searches. Seventy suspects have been identified to date, and 31 from Europe, South Sudan, and Zimbabwe have been arrested.

Cybersecurity

Singapore-headquartered Group-IB, which also contributed to the operation, said it identified "more than 500 IP addresses hosting phishing resources and over 1,900 IP addresses associated with ransomware, Trojans, and banking malware operations."

The rogue infrastructure was hosted in Australia, Canada, Hong Kong, and Singapore, among others, with the resources distributed across more than 200 web hosting providers around the world.

"The results of this operation, achieved through the collective efforts of multiple countries and partners, show our unwavering commitment to safeguarding the digital space," Bernardo Pillot, assistant director to INTERPOL Cybercrime Directorate, said.

"By dismantling the infrastructure behind phishing, banking malware, and ransomware attacks, we are one step closer to protecting our digital ecosystems and a safer, more secure online experience for all."

The development arrives more than a month after another six-month-long international police operation dubbed HAECHI-IV resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries.

Operation Synergia is also INTERPOL's latest intervention designed to stamp out different types of cybercrime. In December 2023, the agency announced the arrest of 257 suspected migrant smugglers and human traffickers associated with transnational organized crime groups from different countries.

"More than 100 Brazilians had been promised cryptocurrency jobs through social media ads offering generous wages, productivity bonuses, food, and lodging," INTERPOL said. "Once they arrived, however, they were held against their will and forced to carry out online investment scams."

INTERPOL has been keeping a close watch on human trafficking-fuelled fraud, where victims are tricked through fake job ads to online scam centers and forced to commit cyber-enabled financial crime on an industrial scale. Tens of thousands are estimated to have been trafficked in Southeast Asia to conduct such scams.

Cybersecurity

In the same month, it also said that it had arrested 281 individuals for offenses such as human trafficking, passport forgery, corruption, telecommunications fraud, and sexual exploitation.

This included an accountant from the Indian state of Telangana who was duped into coming to an unnamed Southeast Asian country and coerced into participating in online fraud schemes under inhuman conditions. He was eventually able to leave following the payment of a ransom.

INTERPOL said it further received reports from Ugandan law enforcement about numerous citizens taken to Dubai under the pretext of giving them jobs and diverting them to countries like Thailand and then Myanmar. "There, the victims were handed over to an online fraud syndicate and kept under armed guard while being taught to defraud banks," it said.

(The story was updated after publication to include other recent actions undertaken by INTERPOL to combat cybercrime.)


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.