Malicious Servers

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation.

Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure.

"Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized," INTERPOL said. "Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized."

The actions also led to the arrest of 41 individuals, with 65 others still under investigation. Some of the other key outcomes across participating countries are listed below:

  • Takedown of more than 1,037 servers by Hong Kong police
  • Seizure of a server and the identification of 93 individuals with links to illegal cyber activities in Mongolia
  • Disruption of 291 servers in Macau
  • Identification of 11 individuals with links to malicious servers and the seizure of 11 electronic devices in Madagascar
  • Seizure of more than 80GB worth of data in Estonia

Group-IB, one of the private-sector partners alongside Kaspersky, Team Cymru, and Trend Micro, said it identified over 2,500 IP addresses linked to 5,000 phishing websites, and more than 1,300 IP addresses tied to various malware activities spanning 84 countries.

When reached for comment, the Singapore-headquartered company said it had no further specifics to share at this stage, since other suspects are still under investigation.

In a press statement, Kaspersky said it shared information on botnets, including malicious command-and-control servers, malware distribution servers, and infected hosts that were used to spread IoT malware across multiple countries.

David Monnier, chief evangelist at Team Cymru, said the company contributed to the effort by "identifying and categorizing malicious infrastructure" following extensive analysis.

"Our analysis did not dig into specific malware families due to their evolving nature," Josh Hopkins, S2 Threat Research Lead at Team Cymru, told The Hacker News.

"Our automated testing processes provide at-scale insight, but for this operation our focus was to remain strategic on mapping tens of thousands of malicious nodes. We did not examine the content or hooks used by cybercriminals as part of the operation; our role exclusively focused on Internet telemetry analysis."

The first phase of Synergia took place between September and November 2023, leading to 31 arrests and the identification of 1,300 suspicious IP addresses and URLs used for phishing, banking malware, and ransomware attacks.

(The story was updated after publication to include responses from Group-IB and Team Cymru.)