Kaspersky has assisted Interpol in its latest operation, Operation Secure, which focused on disrupting the infostealer threat and taking down infrastructure hosting such malware.

The operation has brought together law enforcement agencies from 26 participating countries and Interpol’s private sector partners, resulting in the arrest of over 30 suspects linked to cybercrimes involving infostealing malware and the takedown of over 20 000 malicious IP addresses or domains.

An infostealer is a type of malware designed to extract valuable user data, including financial information, credentials or cookies. The harvested data is compiled into log files and then distributed within the dark web underground community by cybercriminals.

According to data from the Kaspersky Digital Footprint Intelligence team, nearly 26-million devices running Windows were infected with various types of infostealers in 2023-2024. On average, every 14th infostealer infection results in stolen credit card information.

Running from January 2025 to April 2025, the operation aimed to accurately pinpoint and disrupt infostealer-linked malicious cyber activities by locating servers, mapping physical networks and executing targeted takedowns. The operation was supported by Interpol’s private partners, including Kaspersky, which shared data on malicious infrastructure involved in controlling or distributing infostealing malware, including data on the malware command and control (C&C) servers.

In total, the operation investigated nearly 70 infostealer variants and 26,000 associated IPs and domains, with law enforcers seizing over 40 servers involved. Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action – such as changing passwords, freezing accounts or removing unauthorised access.

Operation Secure highlights include:

  • In Vietnam, police arrested 18 suspects, seizing devices from their homes and workplaces. The group’s leader was found with over VND 300-million ($11 500) in cash, SIM cards and business registration documents, pointing to a scheme to open and sell corporate accounts.
  • In Sri Lanka and Nauru, as part of respective enforcement efforts, house raids were carried out by authorities. These actions led to the arrest of 14 individuals – 12 in Sri Lanka and two in Nauru – as well as the identification of 40 victims.
  • In Hong Kong, police analysed over 1,700 pieces of intelligence provided by Interpol and identified 117 command-and-control servers hosted across 89 internet service providers. These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams.

Neal Jetton, Interpol’s director of cybercrime, says: “Interpol continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”

Yuliya Shlychkova, vice-president: global public affairs at Kaspersky, says: “Cyberthreats know no borders and neither should international cooperation. As front-line defenders, private companies span real-life data on cyberthreats and sharing this data with law enforcement helps put an ultimate end to threats propagation. Global cybersecurity is a shared responsibility and Kaspersky commends the convening role that Interpol plays in bringing together the stakeholders whose contribution is required for creating a safer digital world.”

The infostealer threat has recently been gaining momentum, with Kaspersky Digital Footprint Intelligence continuously monitoring the dark web to detect compromised credentials, raise awareness of the threat and share strategies for mitigating associated risks.