Interpol announced on Wednesday that it recently targeted infostealer malware in an operation that spanned several months and involved law enforcement agencies in more than two dozen countries.
As part of Operation Secure, which ran between January and April, Interpol, its law enforcement partners, and cybersecurity firms Kaspersky, Group-IB and Trend Micro targeted infostealer campaigns originating in Asia.
The operation involved the takedown of 20,000 IP addresses and domains, and the seizure of 41 servers and more than 100 Gb of data.
Authorities arrested 32 suspects, including 18 in Vietnam and 14 in Sri Lanka and Nauru. The leader of a Vietnamese group was found to possess over $11,000 in cash, SIM cards, and business registration documents, suggesting involvement in a scheme to sell corporate accounts.
In Hong Kong, police identified 117 command and control (C&C) servers hosted across nearly 90 ISPs.
Authorities notified more than 216,000 victims and urged them to take action to mitigate the impact of infostealer malware infections.
Infostealers enable cybercriminals to steal valuable data from compromised systems, including credentials, payment card data, and cryptocurrency wallets.
Kaspersky revealed that the operation targeted nearly 70 infostealer variants. Group-IB focused on malware families such as Lumma, Risepro, and META Stealer.
Trend Micro’s investigation focused on malware such as Vidar, Lumma Stealer, and Rhadamanthys, which the company described as “some of the most prominent infostealer families detected in this operation”.
The news comes just weeks after Microsoft and global law enforcement announced the disruption of the Lumma Stealer operation.
Related: Microsoft Says One Million Devices Impacted by Infostealer Campaign
Related: Infostealer Infections Lead to Telefonica Ticketing System Breach
Related: Counter Antivirus Service AVCheck Shut Down by Law Enforcement
