In a serious setback to the cyber criminal underground, an Interpol-led operation spanning 72 countries and territories has successfully neutralised more than 45,000 malicious IP addresses and servers, seized over 200 devices, and seen 94 people taken into custody, with well over 100 others still under investigation.
Dubbed Operation Synergia III, the action – which unfolded over a six-month period starting in mid-July 2025 – targeted the infrastructure used in cyber fraud, phishing, malware and ransomware campaigns.
Interpol hailed a major cross-border collaborative effort that saw data transformed into actionable intelligence, enabling it to provide tactical operational assistance to police forces all over the world, including in the UK. Technical support was provided by private sector cyber companies including Group-IB, Trend Micro, and S2W.
“Cyber crime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve,” said Interpol Cybercrime Directorate director Neal Jetton.
“Interpol remains at the forefront of this fight, uniting law enforcement agencies and private sector experts to dismantle criminal networks, disrupt emerging threats and protect victims around the world.”
Group-IB CEO Dmitry Volkov added: “Cyber criminal groups rely on complex infrastructure to scale phishing and malware operations globally.
“Operation Synergia III demonstrates how close cooperation between law enforcement agencies and private-sector partners can significantly disrupt these networks. By sharing intelligence on malicious infrastructure and attacker tactics, Group-IB remains committed to supporting global efforts to dismantle cybercrime operations and protect organizations and individuals worldwide.”
Many investigations conducted under the auspices of Operation Synergia III are still in progress and cannot yet be publicly discussed. However, Interpol shared some details of a few cases.
In Macau, China, for example, law enforcement identified and targeted 33,000 fraudulent websites, many relating to the gambling industry for which Macau is world-famous, but also to financial services and governments. The websites were used to siphon money and personal data from scam victims.
Meanwhile, in Togo in Western Africa, authorities arrested 10 people suspected of operating a fraud ring from a residential property, specialising in a variety of crimes from hacking social media accounts to romance scams and sextortion. In Bangladesh, police arrested 40 people and seized over 130 devices used in credit card fraud, identity theft, and loan and job scams.
Robert McArdle, director of cyber crime research at Trend Micro’s TrendAI, said: “Behind every malicious server or phishing kit sits a wider criminal ecosystem that needs to be mapped and understood before arrests become possible.
“Our support for investigations such as Tycoon2FA, and contributions to operations like this one led by Interpol, demonstrate how actionable threat intelligence can help authorities identify infrastructure, connect actors and disrupt cyber criminal networks at scale.”
Latest iteration of a serial operation
As its name suggests, Operation Synergia III is the third in a series of Interpol actions against organised cyber crime.
The previous action, Operation Synergia II, unfolded in 2024 and similarly resulted in the sinkholing of thousands of malicious IP addresses and servers, and at least 40 known arrests.
Operation Synergia II was similarly globe-trotting, with known actions taking place in Hong Kong, Mongolia, Macau, Madagascar and Estonia.
The first action in the series, in late 2023, targeted the command and control (C2) server infrastructure so beloved of cyber criminal gangs.

