Law enforcement operation takes down 22,000 malicious IP addresses worldwide
arstechnica.com
Operation Synergia II took aim at phishing, ransomware, and information stealing.

Dan Goodin, Nov 7, 2024 6:12 pm

An international coalition of police agencies has taken a major whack at criminals accused of running a host of online scams, including phishing, the stealing of account credentials and other sensitive data, and the spreading of ransomware, Interpol said recently.

The operation, which ran from the beginning of April through the end of August, resulted in the arrest of 41 people and the takedown of 1,037 servers and other infrastructure running on 22,000 IP addresses. Synergia II, as the operation was named, was the work of multiple law enforcement agencies across the world, as well as three cybersecurity organizations.

A global response

"The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II," Neal Jetton, director of the Cybercrime Directorate at INTERPOL, said. "Together, we've not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime. INTERPOL is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place."

Among the highlights of Operation Synergia II were:

Hong Kong (China): Police supported the operation by taking offline more than 1,037 servers linked to malicious services.
Mongolia: Investigations included 21 house searches, the seizure of a server and the identification of 93 individuals with links to illegal cyber activities.
Macau (China): Police took 291 servers offline.
Madagascar: Authorities identified 11 individuals with links to malicious servers and seized 11 electronic devices for further investigation.
Estonia: Police seized more than 80GB of server data, and authorities are now working with INTERPOL to conduct further analysis of data linked to phishing and banking malware.

The three private cybersecurity organizations that were part of Operation Synergia II were Group-IB, Kaspersky, and Team Cymru. All three used the telemetry intelligence in their possession to identify malicious servers and made it available to participating law enforcement agencies. The law enforcement agencies conducted investigations that resulted in house searches, the disruption of malicious cyber activities, the lawful seizures of servers and other electronic devices, and arrests.

The three private security organizations helped identify 30,000 potentially malicious IP addresses. Follow-on investigations later concluded that roughly 76 percent of them were malicious, amounting to about 22,800. Authorities also seized 59 servers and 43 electronic devices, including laptops, mobile phones, and hard disks. The operation led to the arrest of 41 individuals, with 65 others still under investigation.

INTERPOL said Operation Synergia II is a response to the escalating threat and professionalization of transnational cybercrime. The three types of cybercrime prioritized were phishing, infostealers, and ransomware.

The agency said the advent of generative AI is giving phishers a leg up by allowing them to create more sophisticated emails that are translated into multiple languages. INTERPOL said that there was a 40-percent increase in 2023 in the sale of logs collected from infostealers on the deep and dark web. Officials also noted an average 70 percent increase in ransomware attacks globally.

Group-IB and Team Cymru have statements here and here documenting their participation.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at @dangoodin on Mastodon. Contact him on Signal at DanArs.82.