Posted by Fixxx (Moderator) · Joined 20.08.24 · Messages: 700 · Reaction score: 2,354 · Points: 93
An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. Led by Interpol and conducted from January to April 2025, the operation focused on disrupting infostealer malware groups that steal financial and personal data through widespread infections. The data stolen by infostealers commonly includes account credentials, browser cookies, and cryptocurrency wallet details. This data is then compiled into "logs" and sold on cybercrime markets or used in targeted attacks against high-value victims. The results of Operation Secure are significant:
- Over 20,000 malicious IPs/domains linked to infostealers were taken down
- 41 servers supporting infostealer operations were seized
- 32 suspects were arrested
- 100 GB of data was confiscated
- 216,000 victims were notified
Image caption: Authorities seize servers facilitating cybercrime operations. Source: Interpol
Operation Secure was also assisted by private cybersecurity partners, including Kaspersky, Group-IB, and Trend Micro. The researchers provided mission-critical intelligence to the authorities on the activity of the identified operators and infrastructure. Group-IB also tracked the operators' Telegram and dark web accounts that were used to advertise the malware and sell stolen data. This is the second significant disruption for Lumma Stealer, following another international effort led by the U.S. DoJ, the FBI, and Microsoft in May 2025. During that action, the authorities seized 2,300 domains associated with the malware-as-a-service information stealer operation, whose access was sold to other cybercriminals for a subscription between $250 and $1,000. META also suffered a disruption previously, in October 2024, when 'Operation Magnus' seized infrastructure and data associated with the cybercrime platform. Infostealers have become a major cybersecurity threat in recent years, fueling many high-profile breaches we regularly report on. Stolen data from these malware infections has been linked to incidents at UnitedHealth, PowerSchool, HotTopic, CircleCI, and Snowflake.