Operation Synergia III: Global Police Effort Seizes 45,000 Malicious Servers in Fight Against Cybercrime
A coordinated international law enforcement effort involving agencies from 72 countries has resulted in the seizure of more than 45,000 malicious IP addresses and the arrest of 94 individuals. The operation, spearheaded by INTERPOL and supported by private sector intelligence, targeted the digital infrastructure used to facilitate phishing, malware distribution, and ransomware attacks on a global scale.
Background and Context
Operation Synergia III, conducted between July 2025 and January 2026, was established to disrupt the complex networks that underpin modern digital crime. As cybercriminal operations have become increasingly sophisticated, reliance on distributed server networks and fraudulent domains has grown. The operation aimed to dismantle this "malicious infrastructure," which is often used to impersonate legitimate financial institutions and government services to defraud victims. According to findings released by Group-IB, a cybersecurity firm involved in the initiative, the operation highlights the critical need for cross-border cooperation to track and neutralize these threats.
Key Figures and Entities
The operation relied on the collaboration of public and private sector entities. Dmitry Volkov, CEO of Group-IB, emphasized the necessity of intelligence sharing, noting that cybercriminal groups use intricate systems to scale their operations. His firm provided adversary-centric threat intelligence, including data on phishing domains and hosting infrastructure.
Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, described the initiative as a testament to what global cooperation can achieve against increasingly destructive cybercrime. The partnership involved significant contributions from INTERPOL, Europol, and AFRIPOL, leveraging the technical capabilities of private cybersecurity experts to aid law enforcement.
Legal and Financial Mechanisms
Investigators utilized predictive threat intelligence to identify and disrupt the technical underpinnings of criminal schemes. The focus was on "infrastructure as a service" used by criminals, specifically servers distributing infostealers and hosting phishing kits. By analyzing hosting infrastructure and attacker tactics, authorities were able to trace malicious activities back to specific physical locations and individuals. This approach led to the seizure of 212 electronic devices and servers, effectively cutting off the digital lifelines for numerous fraud rings.
International Implications and Policy Response
The operation yielded significant results across multiple jurisdictions, illustrating the borderless nature of cybercrime. In Macau, China, investigators identified over 33,000 fraudulent websites impersonating casinos and government services. In Togo, police dismantled a ring involved in social media hacking and romance scams, while authorities in Bangladesh arrested 40 suspects connected to loan and job fraud schemes. These cases demonstrate the diverse methods employed by cybercriminals and the necessity of a unified global response to protect personal and financial data.
Sources
This report is based on a press release issued by Group-IB regarding the findings of Operation Synergia III, as well as official statements from INTERPOL. The operational data covers the period from July 2025 to January 2026.
