
November 6, 2024

INTERPOL’s Operation Synergia II disrupts 22,000 malicious servers


INTERPOL has announced that it conducted an operation targeting phishing, ransomware, and information stealer infrastructure. The global operation, named Operation Synergia II, resulted in the takedown of more than 22,000 malicious servers, the arrest of 41 individuals, and the seizure of electronic devices, including laptops, mobile phones, and hard disks.

Operation Synergia II ran from April 1 to August 31, 2024, spanning 84 countries. Throughout the operation, INTERPOL was assisted by private cybersecurity companies that shared intelligence on the malicious infrastructure they identified.

 


The first Synergia operation, which was conducted in 2023, resulted in 31 arrests and the identification of 1,300 suspicious IP addresses and URLs used for phishing, banking malware, and ransomware attacks.

Source: The Hacker News

Analysis

This takedown operation highlights INTERPOL’s ability to work internationally with its members’ law enforcement agencies as well as private cybersecurity companies to combat cybercrime. The second Operation Synergia was a marked improvement over the first, seeing the actual takedown of malicious infrastructure rather than just its identification.

International law enforcement agencies have conducted several high-profile takedown operations so far in 2024. For example, in October U.S. authorities announced that Operation Magnus, an international police coalition, disrupted the RedLine and META info stealer platforms and that charges were laid against a Russian national for his involvement in leading the two malware-as-a-service (MaaS) operations.

The FBI has also conducted various operations to disrupt ransomware operator LockBit and several botnets used by nation-state cyber actors to enable cyber espionage activities.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for threats like phishing, ransomware, and information-stealing malware. Field Effect MDR users are automatically notified if activity associated with these threats is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
