INTERPOL: 45,000 malicious IP addresses taken down in international cyber operation

An international cybercrime operation targeting phishing, malware and ransomware has seen the INTERPOL take down more than 45,000 malicious IP addresses and servers, the organisation has announced.

Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL, it said, noting that the operation led to the arrest of 94 people, with another 110 individuals still under investigation.

During the operation, INTERPOL, according to a statement, said it transformed data into actionable intelligence, facilitated cross-border collaboration, and provided tactical operational assistance to member countries.

Preliminary investigations, it said, led to a series of coordinated actions by national authorities, including raids on key locations and the disruption of malicious cyber activities.  In total 212 electronic devices and servers were seized, it announced.

According to the organisation, participating countries and territories included: Nigeria, Angola, Argentina, Austria, Bahrain, Bangladesh, Bolivia, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Burkina Faso, Burundi, Cameroon, Colombia, Democratic Republic of Congo, Eritrea, Eswatini, France, Gambia, Georgia, Greece, Guatemala, Guinea, Guinea Bissau, Guyana, and Honduras.

Others were: Iceland, India, Iraq, Ireland, Israel, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Latvia, Lebanon, Lesotho, Liechtenstein, Macao (China), Madagascar, Malaysia, Maldives, Moldova, Mongolia, Niger, North Macedonia, Oman, Pakistan, Palestine, Paraguay, Philippines, Poland, Qatar, Singapore, South Africa, South Sudan, Spain, Sri Lanka, Switzerland, Tanzania, Togo, Türkiye, Uganda, Ukraine, United Arab Emirates, United Kingdom, Venezuela, Zambia and Zimbabwe.

INTERPOL’s Director of the Cybercrime Directorate, Neal Jetton, commenting on the development said: “Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve.

“INTERPOL remains at the forefront of this fight, uniting law enforcement agencies and private sector experts to dismantle criminal networks, disrupt emerging threats and protect victims around the world.”

Although several investigations are still ongoing in participating countries, preliminary reports of key cases, it said, demonstrate the breadth of the criminal tactics employed, including fraudulent websites, romance scams and credit card fraud.

For instance, law enforcement in Macau, China identified more than 33,000 phishing and fraudulent websites, related to fake casinos and critical infrastructure, such as official bank, government and payment service sites.

“Victims are defrauded by topping up their accounts via the fraudulent sites or by having their personal information and credit card details stolen,” the INTERPOL noted.

Besides, police in Togo arrested 10 suspects operating a fraud ring from a residential area. Some specialised in technical crimes such as hacking social media accounts, while others carried out social engineering schemes including romance scams and sextortion.

“After gaining access to an account, the criminals contacted the victim’s online contacts, impersonating the account holder to build fake romantic relationships or deceive friends and family members. Their ultimate goal was to persuade these secondary victims to make money transfers.

“In Bangladesh, police arrested 40 suspects and seized 134 electronic devices related to a large range of cybercrime schemes, including loan and job scams, identity theft or credit card fraud,” it added.

During Operation Synergia III, INTERPOL said it worked closely with its partners, Group-IB, Trend Micro and S2W, to track illegal cyber activities and identify malicious servers.

- Agencies