By | Destiny Young
INTERPOL has announced the dismantling of more than 45,000 malicious IP addresses and servers in a coordinated international cybercrime operation targeting phishing, malware and ransomware networks.
The operation, codenamed Operation Synergia III, was carried out between July 18, 2025 and January 31, 2026, with law enforcement agencies from 72 countries and territories taking part.
INTERPOL said the operation led to the arrest of 94 suspects, while another 110 individuals remain under investigation. Authorities also seized 212 electronic devices and servers during enforcement actions linked to the operation.
The agency said the crackdown was driven by intelligence-sharing between law enforcement bodies and private cybersecurity partners, which helped identify criminal infrastructure and support coordinated takedowns across multiple jurisdictions.
According to INTERPOL, private sector partners involved in the operation included Group-IB, Trend Micro and S2W, all of which contributed intelligence used to map malicious infrastructure and support enforcement activity.
The operation also exposed the wide geographic spread of cyber-enabled crime and the range of scams powered by the dismantled infrastructure.
In Macau, investigators identified more than 33,000 phishing and fraudulent websites, including fake pages designed to mimic casinos, banks, government portals and payment platforms. These sites were used to lure victims into disclosing personal information or making fraudulent payments.
In Togo, police arrested 10 suspects accused of operating a fraud ring from a residential property. INTERPOL said the group was linked to hacked social media accounts, romance fraud and sextortion schemes.
In Bangladesh, authorities arrested 40 suspects and seized 134 devices connected to criminal activity including job scams, loan fraud, identity theft and illegal payment schemes.
Nigeria was among the countries that participated in the operation, although INTERPOL did not provide a country-specific enforcement breakdown for Nigeria in its summary of results.
The latest action marks the third phase of Operation Synergia, showing that international law enforcement agencies are continuing to scale up joint cyber disruption campaigns as threat actors rely on globally distributed digital infrastructure to run attacks.
The operation underscores a key point for governments, businesses and internet users, cybercrime networks still depend heavily on accessible infrastructure. Once that infrastructure is identified and shared across borders, authorities can disrupt large parts of the ecosystem even when the actors themselves remain dispersed.
For cybersecurity professionals, the outcome also reinforces the importance of cross-border intelligence-sharing, public-private collaboration and faster identification of malicious hosting, phishing infrastructure and criminal service nodes.
