Asia-Pacific operation targets data theft
An international law enforcement operation has dismantled cybercriminal infrastructure linked to information stealers across the Asia-Pacific region. Coordinated by Interpol from January to April 2025, the initiative resulted in the takedown of over 20,000 malicious IP addresses and domains.
Law enforcement authorities from 26 countries participated in the operation, named ‘Operation Secure’.
The effort focused on identifying and disrupting networks used by cybercriminals to access sensitive user data. The campaign targeted servers hosting infostealer malware, which extracts data such as login credentials, credit card numbers and cryptocurrency wallet information.

Ahead of the coordinated action, Interpol worked with cybersecurity firms Group-IB, Kaspersky and Trend Micro to produce intelligence reports. These documents were shared with national cybercrime units, enabling investigators to locate compromised infrastructure and plan enforcement actions. As a result, 79 per cent of the suspicious IP addresses identified were taken offline.
Participating countries reported the seizure of 41 servers and more than 100 gigabytes of data. Thirty-two suspects were arrested in connection with the operation.
The tools uncovered during the investigation were used to extract sensitive data from compromised devices and transmit it to remote servers controlled by cybercriminals. This malware operates covertly, collecting browser credentials, cookies, and financial information without the user’s awareness.

Once stolen, the data is compiled into logs that are sold or repurposed for further attacks, such as ransomware, large-scale fraud, and business email compromise (BEC) scams.
According to Interpol, infostealers are a key method for unauthorised access to organisational systems. These programs infiltrate devices—commonly referred to as bots—to collect a range of personal and financial data, including login credentials and cryptocurrency wallet information.
Logs produced by these malware strains are widely traded on the dark web and often serve as entry points for more complex cyber operations, including data breaches and online fraud.
Notifications sent
Following the takedowns, law enforcement agencies began notifying more than 216,000 affected individuals and organisations. Victims were advised to change passwords, secure online accounts, and monitor for signs of identity theft.
Among the most significant actions were those taken in Vietnam, where 18 suspects were detained. Vietnamese authorities recovered devices, cash equivalent to over $11,000 and business registration records believed to be linked to illegal corporate account activity. In Sri Lanka, police arrested 12 individuals during house raids and identified 31 potential victims.
Hong Kong’s police force analysed over 1,700 intelligence leads supplied by Interpol. They found 117 command-and-control servers operating across 89 internet service providers. These servers were allegedly used for phishing scams, online fraud and managing social media-based campaigns targeting users.

Interpol’s Director of Cybercrime, Neal Jetton, said that joint international efforts remain essential to disrupting digital threats. He described Operation Secure as an example of how intelligence-led policing can dismantle networks that cause widespread harm.
The operation was conducted under the Asia and South Pacific Joint Operations Against Cybercrime (ASPJOC) Project.
26 nations
Participating nations included: Brunei, Cambodia, Fiji, Hong Kong (China), India, Indonesia, Japan, Kazakhstan, Kiribati, Korea (Rep of), Laos, Macau (China), Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu, Vietnam.
While no direct participation from Middle Eastern countries was recorded, regional cybersecurity experts have noted the relevance of such international operations for the broader digital security landscape, especially as cyber threats increasingly target infrastructure beyond national borders.
Infostealer malware has become a common entry point for more complex cyberattacks. According to security analysts, the availability of stolen login credentials on underground forums contributes to an increase in targeted intrusions, including those into government systems and financial platforms.
The operation marks one of the largest regional crackdowns on malware infrastructure to date. Investigators say it demonstrates the value of collaboration between law enforcement and the private sector, particularly in sharing real-time threat data.
While Operation Secure focused on Asia-Pacific networks, experts argue the tactics and findings are relevant globally. Cybercriminal groups often operate across jurisdictions, and stolen data from one region is frequently used to launch attacks in another.
For countries in the Middle East and Africa, where digital transformation is rapidly accelerating, the lessons from Operation Secure underscore the importance of regional cooperation and the establishment of dedicated cybercrime response units.
Authorities involved in the operation say follow-up investigations are underway and additional arrests are expected. Interpol is working with countries to ensure any remaining threats linked to the dismantled infrastructure are addressed.
Hero image: Law enforcement agencies from 26 countries collaborated during Operation Secure 2025. Credit: Interpol









