Law enforcement agencies across 26 nations recently dismantled extensive cybercrime operations targeting victims throughout Asia, as part of coordinated international efforts. The operation led to arrests of multiple alleged cybercriminals and removal of vital infrastructure, marking the culmination of collaborative strategies among global policing bodies. Notably, the operation also underscores the expanding scale of digital threats in the Asia-Pacific region, as both individuals and businesses continue to face an evolving risk landscape. Cybersecurity experts have observed that international collaboration and timely intelligence sharing have become integral elements of frontline cyber defense.
Past global cybercrime crackdowns have typically focused on isolated malware families or single perpetrators, which limited the impact to specific threat groups. Reports from earlier years seldom involved coordination across so many national jurisdictions or simultaneous targeting of physical and digital infrastructure. In recent months, there has been a noticeable increase in the scope of these law enforcement actions, with authorities now dismantling broader infostealer networks and taking systemic approaches to infrastructure seizure.
Which Networks and Tools Were Targeted?
Operation Secure, launched during the first four months of the year, specifically targeted both physical servers and online infrastructure linked to infostealer operations. As a result, authorities seized 41 servers and more than 20,500 malicious IP addresses and domains. They also collected 100 GB of data as part of their investigations.
What Malware and Companies Were Involved?
A total of 69 infostealer variants came under investigation, including frequently noted malware such as Lumma, RisePro, and Meta Stealer. The operation’s remit extended to command-and-control infrastructure and online accounts used to advertise these tools and distribute compromised data. Cybersecurity firms, including Group-IB, Kaspersky, and Trend Micro, contributed intelligence leading up to the takedowns.
How Did Law Enforcement Coordinate Responses?
Authorities from Vietnam, Sri Lanka, and Nauru arrested a total of 32 suspects during coordinated raids. In parallel, the Hong Kong Police Force identified and disrupted 117 command-and-control servers hosted by 89 internet service providers. The Asia and South Pacific Joint Operations Against Cybercrime Project played an organizing role, with Interpol facilitating cross-border intelligence sharing.
Investigators documented more than 216,000 victims whose personal and financial data, including account credentials, credit card numbers, and cryptocurrency information, had been compromised. Notices were sent to these victims, alerting them to the potential misuse of their stolen data. Group-IB CEO Dmitry Volkov stated,
“By sharing actionable intelligence with INTERPOL and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks, and protecting both organizations and individuals globally.”
This emphasis on intelligence sharing was echoed by Interpol’s director of cybercrime Neal Jetton, who highlighted the operational benefits of international cooperation.
Wide-ranging police actions like this reflect a clear shift from targeting individual hackers to a broader disruption of entire cybercriminal ecosystems. The discovery of multiple infostealer variants and identification of thousands of malicious domains demonstrate the scale and technical sophistication of cybercrime operations worldwide. Businesses and consumers in fast-growing digital economies are especially vulnerable, highlighting the need for proactive information sharing and timely notifications to potential victims. A coordinated international approach supported by both law enforcement and cybersecurity firms improves the efficacy of such crackdowns while reinforcing digital defense capabilities for the future.