INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

45,000 Malicious IPs Dismantled by Interpol Operation Synergia III

| 2026-03-14 08:33 CRITICAL HIGH
JSON
Executive Summary AI-generated
The global cybercrime operation, codenamed Operation Synergia III, has dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. Conducted by INTERPOL with support from cybersecurity firms Group-IB, Trend Micro, and S2W, the operation led to 94 arrests worldwide, resulting in the seizure of over 212 devices. Authorities also disrupted criminal infrastructure and conducted raids across several countries, exposing diverse cybercrime schemes. This marks a significant escalation in global cooperation against sophisticated and destructive cyber threats, underscoring INTERPOL's role as a leading authority on combating cybercrime.
Technical Mitigations AI-generated
* Implement robust network segmentation and access controls: Organizations should ensure that their networks have multiple layers of security, including firewalls, intrusion detection systems, and VPNs, to limit the spread of malware and unauthorized access. * Use secure coding practices and input validation: Developers should follow best practices for secure coding, such as validating user input, using secure protocols (e.g., HTTPS), and implementing secure coding frameworks like OWASP Secure Coding Practices. * Regularly update and patch operating systems and software: Keeping software up-to-date with the latest security patches is crucial to prevent exploitation of known vulnerabilities. Regular updates should also include additional fixes for newly discovered issues. * Use encryption and secure communication protocols: Organizations should use end-to-end encrypted communication channels, such as Signal or WhatsApp, when transmitting sensitive information over public networks like email or messaging apps. * Implement a web application firewall (WAF): A WAF can help detect and prevent common web attacks by analyzing incoming traffic and blocking suspicious requests. This can be especially effective against phishing and malware-based attacks.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation Red CardOperation Red CardOperation SerengetiOperation SerengetiOperation SynergiaOperation SynergiaOperation Africa CyberOperation Africa CyberOperation Synergia IIIOperation Synergia IIIOperation LightningOperation LightningOperation Synergia IIOperation Synergia II
Target & Sectors
Global Scope governmentgovernment mediamedia
Incident Timeline
February 2024
Threat actors used Interpol's database to target 45,000 malicious IP addresses worldwide.
the end of 2024
Threat actors used phishing to target 95 countries, resulting in the dismantling of approximately 45,000 malicious IP addresses and the arrest of 41 individuals worldwide.
tactic Phishing
Synergia II continued the earlier campaign's focus on phishing , infostealers , and ransomware at the end of 2024, and saw 95 countries contribute to the 41 arrests .
tactic Ransomware
Synergia II continued the earlier campaign's focus on phishing , infostealers , and ransomware at the end of 2024, and saw 95 countries contribute to the 41 arrests .
general_metric 95 countries
Synergia II continued the earlier campaign's focus on phishing , infostealers , and ransomware at the end of 2024, and saw 95 countries contribute to the 41 arrests .
general_metric 41 arrests
Synergia II continued the earlier campaign's focus on phishing , infostealers , and ransomware at the end of 2024, and saw 95 countries contribute to the 41 arrests .
18 July 2025
Law enforcement from 72 countries and territories dismantled approximately 45,000 malicious IP addresses through Operation Synergia III.
campaign Operation Synergia III
“Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL.
general_metric 72 countries
“Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL.
between July 18, 2025
Threat actors used compromised Interpol databases to target individuals worldwide, including 45,000 malicious IP addresses.
tactic Phishing
Operation Synergia III ran between July 18, 2025, and January 31, 2026, focusing on crimes including phishing, romance scams, and credit card fraud.
campaign Operation Synergia III
Operation Synergia III ran between July 18, 2025, and January 31, 2026, focusing on crimes including phishing, romance scams, and credit card fraud.
July 18, 2025
Threat actors used law enforcement agencies from 72 countries to target and dismantle approximately 45,000 malicious IP addresses worldwide during Operation Synergia III.
campaign Operation Synergia III
The operation, called Operation Synergia III, ran from July 18, 2025, to January 31, 2026, and involved law enforcement agencies from 72 countries and territories.
general_metric 72 countries
The operation, called Operation Synergia III, ran from July 18, 2025, to January 31, 2026, and involved law enforcement agencies from 72 countries and territories.
between July 2025
Threat actors used Interpol's Operation Synergia III to target and dismantle 45,000 malicious Internet Protocol addresses worldwide.
general_metric 72 countries
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
general_metric 94 arrests
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
general_metric 110 ongoing investigations
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
infrastructure 212 devices
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
attribution Interpol
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
January 2026
The authorities dismantled 45,000 malicious IP addresses in Togo and seized electronic devices and servers worldwide during Operation Synergia III.
general_metric 72 countries
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
general_metric 94 arrests
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
general_metric 110 ongoing investigations
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
infrastructure 212 devices
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
In total 212 electronic devices and servers were seized.
attribution Interpol
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
infrastructure 134 devices
Meanwhile, in Bangladesh, authorities arrested 40 suspects and seized 134 devices tied to loan, job, identity theft, and credit card scams.
organisation Group-IB
The operation was coordinated by INTERPOL with support from cybersecurity firms Group-IB, Trend Micro, and S2W. “Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve.”
organisation Trend Micro
The operation was coordinated by INTERPOL with support from cybersecurity firms Group-IB, Trend Micro, and S2W. “Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve.”
organisation the Cybercrime Directorate
Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, said.
organisation SecurityAffairs
Follow me on Twitter:  @securityaffairs  and  Facebook  and  Mastodon Pierluigi Paganini ( SecurityAffairs  – hacking, cybercrime)
31 January 2026
Law enforcement from 72 countries and territories dismantled approximately 45,000 malicious IP addresses through Operation Synergia III.
campaign Operation Synergia III
“Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL.
general_metric 72 countries
“Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL.
January 31, 2026
Threat actors used law enforcement agencies from 72 countries and territories to target individuals through Operation Synergia III.
tactic Phishing
Operation Synergia III ran between July 18, 2025, and January 31, 2026, focusing on crimes including phishing, romance scams, and credit card fraud.
campaign Operation Synergia III
Operation Synergia III ran between July 18, 2025, and January 31, 2026, focusing on crimes including phishing, romance scams, and credit card fraud.
The operation, called Operation Synergia III, ran from July 18, 2025, to January 31, 2026, and involved law enforcement agencies from 72 countries and territories.
general_metric 72 countries
The operation, called Operation Synergia III, ran from July 18, 2025, to January 31, 2026, and involved law enforcement agencies from 72 countries and territories.
the 12th of March 2026
The European and US authorities dismantled the SocksEscort proxy network on March 12, 2026.
source_region United States
Separate takedown targets SocksEscort proxy network As reported on the 12th of March 2026, in a separate cybercrime enforcement action, European and US authorities dismantled SocksEscort , a proxy network used by cybercrime groups to hide their online activity.
attribution Separate
Separate takedown targets SocksEscort proxy network As reported on the 12th of March 2026, in a separate cybercrime enforcement action, European and US authorities dismantled SocksEscort , a proxy network used by cybercrime groups to hide their online activity.
attribution SocksEscort
Separate takedown targets SocksEscort proxy network As reported on the 12th of March 2026, in a separate cybercrime enforcement action, European and US authorities dismantled SocksEscort , a proxy network used by cybercrime groups to hide their online activity.
2026-03-13
Ninety-four people were arrested worldwide as part of Interpol's Operation Synergia III.
March 13
Threat actors used Interpol's Operation Synergia III to target and dismantle 45,000 malicious IP addresses worldwide.
tactic Phishing
In a separate statement , also published on March 13, Group-IB confirmed it shared information on phishing domains, hosting infrastructure and servers which distributed malware such as infostealers.
organisation IP
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
general_metric 72 countries
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
infrastructure 45,000 malicious IP addresses
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
general_metric 94 arrests
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
organisation Group-IB
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
organisation Trend Micro
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
general_metric 110 ongoing investigations
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
infrastructure 212 devices
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
July 2025 to January 2026
Threat actors used Interpol's Operation Synergia III to target and dismantle 45,000 malicious Internet Protocol addresses worldwide.
between September and November 2023
Threat actors used Interpol's database to target 45,000 malicious IP addresses between September and November 2023.
18 2025 to January 31, 2026
Threat actors used Interpol's Operation Synergia III to target and dismantle 45,000 malicious IP addresses worldwide.
campaign Operation Synergia III
The effort, codenamed Operation Synergia III, ran from July, 18 2025 to January 31, 2026.
between April and August 2024
Threat actors used Interpol's Operation Synergia III to target and dismantle 45,000 malicious IP addresses across the globe.
general_metric 41 arrests
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
campaign Operation Synergia II
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
infrastructure 22,000 malicious IP addresses
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
infrastructure 1,037 servers
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
December 8 and January 30
African police arrested 651 suspects and recovered $4.3 million in a joint Interpol operation codenamed Operation Red Card 2.0 between December 8 and January 30, targeting suspected cybercrime perpetrators across 16 countries.
attribution Operation Red Card
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
general_metric 16 countries
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
general_metric 651 suspects
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
financial $4.3 suspects
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
general_metric 2.0 Operation Red Card
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
2026-03-14
Interpol dismantled 45,000 malicious IPs and servers in a global cybercrime operation.
organisation Cybercrime Rings Dismantled
Cybercrime Rings Dismantled from Togo to Macau Operation Synergia III targeted a wide range of cybercriminal activities , including fraudulent websites, phishing campaigns, malware distribution, ransomware attacks, romance scams and credit card fraud schemes.
organisation Interpol
Some specialized in technical crimes such as hacking social media accounts, while others carried out social engineering schemes including romance scams and sextortion," Interpol noted .
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide.
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation.
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested.
Interpol's 'Operation Synergia III' Nets 94 Arrests in Major Cybercrime Sweep.
"Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve," Neal Jetton, INTERPOL's Director of the Cybercrime Directorate, added on Friday.
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns.
infrastructure 134 devices
In Bangladesh, investigators arrested 40 suspects and seized 134 electronic devices connected to cybercrime activities, including loan scams, fake job offers, identity theft and credit card fraud.
In Bangladesh, police arrested 40 suspects and seized 134 electronic devices tied to a variety of cybercrime schemes, from loan and job scams to identity theft and credit card fraud.
"In Bangladesh, police arrested 40 suspects and seized 134 electronic devices related to a large range of cybercrime schemes, including loan and job scams, identify theft or credit card fraud.
organisation IP
INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware.
An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide.
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns.
It is worth noting that in 2024, INTERPOL conducted Operation Synergia II , which led to 41 arrests and the takedown of 22,000 malicious IP addresses and 59 servers worldwide.
infrastructure 45,000 malicious IP addresses
INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware.
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide.
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation.
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested.
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns.
The headline figures are 212 devices seized and more than 45,000 malicious IP addresses associated with suspects sinkholed by law enforcement.
During the operation, authorities took down more than 45,000 malicious IP addresses and servers.
Police sinkholes 45,000 IP addresses in cybercrime crackdown.
infrastructure 1,300 servers
During the first stage of Operation Synergia , law enforcement identified another 70 cybercrime suspects and took down another 1,300 command-and-control servers used in ransomware, phishing, and malware campaigns.
organisation IPs
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide.
organisation Group-IB
Seventy-two countries participated in Operation Synergia III, with private sector support coming from Group-IB, S2W, and Trend Micro.
organisation Trend Micro
Seventy-two countries participated in Operation Synergia III, with private sector support coming from Group-IB, S2W, and Trend Micro.
INTERPOL worked with cybersecurity firms Group-IB , Trend Micro, and S2W to identify malicious infrastructure and track cybercriminal activity during the operation.
organisation Major Cybercrime Sweep
Interpol's 'Operation Synergia III' Nets 94 Arrests in Major Cybercrime Sweep.
organisation the Cybercrime Directorate
"Cybercrime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve," Neal Jetton, INTERPOL's Director of the Cybercrime Directorate, added on Friday.
infrastructure 22,000 malicious IP addresses
It is worth noting that in 2024, INTERPOL conducted Operation Synergia II , which led to 41 arrests and the takedown of 22,000 malicious IP addresses and 59 servers worldwide.
infrastructure 59 servers
It is worth noting that in 2024, INTERPOL conducted Operation Synergia II , which led to 41 arrests and the takedown of 22,000 malicious IP addresses and 59 servers worldwide.
infrastructure 212 devices
The headline figures are 212 devices seized and more than 45,000 malicious IP addresses associated with suspects sinkholed by law enforcement.
The international law enforcement operation led to 94 arrests, 110 ongoing investigations, and the seizure of 212 devices.
Authorities also carried out raids, disrupted criminal infrastructure, and seized 212 electronic devices and servers.
organisation Trend Micro's
Robert McArdle, director of cybercrime research at Trend Micro's TrendAI unit, said: "This kind of international operation highlights the value of close collaboration between law enforcement and the cybersecurity community.
organisation INTERPOL’s Cybercrime Directorate
Neal Jetton, Director of INTERPOL’s Cybercrime Directorate, said the investigation showed how international cooperation can help disrupt organized cybercrime networks operating across multiple regions.
infrastructure 200 electronic devices
In total, over 200 electronic devices and servers were seized as part of the operation.
infrastructure 34 domains
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
infrastructure 23 servers
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
financial $3.5 operation
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
organisation The Red Report 2026
The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Tactical Metrics
Metrics
infrastructure
134
Devices
Meanwhile, in Bangladesh, authorities arrested 40 suspects and seized 134 devices tied to loan, job, identity theft, and credit card scams.
In Bangladesh, investigators arrested 40 suspects and seized 134 electronic devices connected to cybercrime activities, including loan scams, fake job offers, identity theft and credit card fraud.
In Bangladesh, police arrested 40 suspects and seized 134 electronic devices tied to a variety of cybercrime schemes, from loan and job scams to identity theft and credit card fraud.
"In Bangladesh, police arrested 40 suspects and seized 134 electronic devices related to a large range of cybercrime schemes, including loan and job scams, identify theft or credit card fraud.
Metrics
infrastructure
45,000
Malicious Ip Addresses
INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware.
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide.
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation.
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns.
The headline figures are 212 devices seized and more than 45,000 malicious IP addresses associated with suspects sinkholed by law enforcement.
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested.
During the operation, authorities took down more than 45,000 malicious IP addresses and servers.
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
Police sinkholes 45,000 IP addresses in cybercrime crackdown.
Metrics
infrastructure
212
Devices
The international law enforcement operation led to 94 arrests, 110 ongoing investigations, and the seizure of 212 devices.
Authorities also carried out raids, disrupted criminal infrastructure, and seized 212 electronic devices and servers.
In total 212 electronic devices and servers were seized.
The headline figures are 212 devices seized and more than 45,000 malicious IP addresses associated with suspects sinkholed by law enforcement.
It was coordinated by Interpol and involved law enforcement units from 72 countries as well as private sector partners, including Group-IB, Trend Micro and S2W. In a March 13 announcement , Interpol said the operation led to the seizure of 212 electronic devices and servers, the takedown of 45,000 malicious IP addresses and the arrest of 94 people, with another 110 individuals still under investigation.
During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another 110 suspects still under investigation.
Metrics
infrastructure
22,000
Malicious Ip Addresses
It is worth noting that in 2024, INTERPOL conducted Operation Synergia II , which led to 41 arrests and the takedown of 22,000 malicious IP addresses and 59 servers worldwide.
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
Metrics
infrastructure
59
Servers
It is worth noting that in 2024, INTERPOL conducted Operation Synergia II , which led to 41 arrests and the takedown of 22,000 malicious IP addresses and 59 servers worldwide.
Metrics
infrastructure
200
Electronic Devices
In total, over 200 electronic devices and servers were seized as part of the operation.
Metrics
infrastructure
34
Domains
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
Metrics
infrastructure
23
Servers
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
Metrics
financial
3,500,000
Operation
Authorities also seized 34 domains and 23 servers linked to the operation and froze around $3.5 million in cryptocurrency associated with the service.
Metrics
infrastructure
1,300
Servers
During the first stage of Operation Synergia , law enforcement identified another 70 cybercrime suspects and took down another 1,300 command-and-control servers used in ransomware, phishing, and malware campaigns.
Metrics
infrastructure
1,037
Servers
This joint operation follows Operation Synergia II , which led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating from 22,000 IP addresses.
Metrics
financial
4,300,000
Suspects
More recently, between December 8 and January 30, African police across 16 countries arrested 651 suspects and recovered over $4.3 million in another Interpol-coordinated joint police action codenamed Operation Red Card 2.0 .
Intelligence Sources
Security Affairs 2026-03-14
The Register - Cybercrime 2026-03-13
HackRead 2026-03-13
Infosecurity-Magazine 2026-03-13
BleepingComputer 2026-03-13