INTERPOL Takedown Hits 45,000 Malicious IPs, 94 Arrested

INTERPOL said a major international operation dismantled 45,000 malicious IP addresses and servers linked to phishing, malware and ransomware campaigns, and that the effort led to 94 arrests with another 110 people under investigation.

According to INTERPOL, the operation involved law enforcement teams from 72 countries and territories and resulted in the seizure of 212 electronic devices and servers. INTERPOL described the activity as part of the third phase of Operation Synergia, which it said ran from July 18, 2025 to January 31, 2026, following related phases in 2023 and 2024.

Bangladesh authorities told INTERPOL they arrested 40 suspects and confiscated 134 electronic devices in coordinated raids tied to scams including loan fraud, job scams, identity theft and credit card abuse. “These coordinated actions help dismantle the infrastructure criminals use to target victims across borders,” INTERPOL said.

Togo authorities reported apprehending 10 people accused of running a residential fraud ring involving account takeovers and social engineering. Togo authorities said the suspects hacked social media accounts and then impersonated victims to trick the victims’ contacts into sending money, often under the pretext of fake romantic relationships or sextortion.

Macau law enforcement identified more than 33,000 phishing and fraudulent websites impersonating casinos and critical services such as banks and government portals, the agencies said. Macau authorities said those sites instructed victims to top up balances or enter personal information, enabling large-scale theft and identity fraud.

Separately, India’s Central Bureau of Investigation (CBI) said it executed coordinated searches at 15 locations across Delhi, Rajasthan, Uttar Pradesh and Punjab as part of an investigation into organized online investment and part-time job fraud linked to a Dubai-based fintech platform called Pyypl. “It was alleged that thousands of unsuspecting Indian citizens were cheated of crores of rupees through deceptive online schemes operated by an organized transnational fraud syndicate,” the CBI said.

The CBI said the syndicate used social media, mobile apps and encrypted messaging to lure victims with promises of high returns, showing fake profits on sham platforms to build trust before persuading people to deposit larger sums. The agency added that funds were moved quickly through multiple mule accounts and withdrawn offshore via ATMs, converted to cryptocurrency and consolidated into accounts tied to shell companies.

Proofpoint researchers found similar scam playbooks in October 2024, noting fraudsters often start by asking for small deposits and showing fabricated earnings to trick victims into investing more. The CBI said some proceeds were converted to USDT through India-based virtual asset exchanges and moved to whitelisted wallets.

The CBI named Ashok Kumar Sharma and other co-conspirators as key figures in the syndicate and said Sharma has been taken into custody, with bank accounts frozen and digital evidence seized. The agency said the inquiry is ongoing.

INTERPOL characterized the combined actions as an example of cross-border cooperation to disrupt criminal infrastructure and reduce harm to victims. “Taking down servers and prosecuting perpetrators sends a strong signal that cybercrime cannot hide behind national boundaries,” INTERPOL said.

For the public, authorities urged basic precautions: verify unsolicited job or investment offers, avoid sending money to unknown contacts, and report suspicious websites to local law enforcement. Several agencies said international cooperation will remain central to tracking the financial flows and infrastructure used by these fraud networks.

For practical guidance on protecting yourself from scams and other online threats, see this Cybersecurity Waala guide on how to protect yourself from cyber attacks in 10 easy steps.

#cybercrime #INTERPOL #fraud #cybersecurity #threatintel