- 790
- 211
An international law enforcement operation codenamed Operation Secure , targeting infostealer infrastructure, resulted in 32 arrests, data seizures, and server confiscations in 26 countries.
The operation, led by Interpol and running from January to April 2025, targeted Asian hacker groups linked to infostealers. As a result of Operation Secure, law enforcement:
It is also reported that law enforcement officers have identified a large cluster of 117 servers in Hong Kong, hosted by almost 90 providers, which were used as C&C infrastructure in phishing operations by criminals, and were also involved in various frauds.
Vietnamese police, which took part in the operation, said they arrested 18 suspects, including the leader of a criminal group that sold access to corporate accounts.
In addition, private information security companies took part in Operation Secure, including Kaspersky Lab , Group-IB and Trend Micro .
According to Group-IB specialists, as a result of law enforcement actions, the infrastructure associated with Lumma, RisePro and META Stealer malware was affected.
The researchers report that they have passed on important information to the authorities about the activities of the identified malware operators and their infrastructure. Group-IB also tracked the attackers' accounts on Telegram and the darknet, which were used to advertise malware and sell stolen data.
Let us recall that this is the second "attack" by law enforcement agencies on Lumma's infrastructure in recent months. Earlier, in May 2025 , the US Department of Justice, the FBI and Microsoft confiscated about 2,300 domains associated with the stealer's activities.
The operation, led by Interpol and running from January to April 2025, targeted Asian hacker groups linked to infostealers. As a result of Operation Secure, law enforcement:
- disabled over 20,000 IP addresses/domains associated with infostealers;
- 41 servers supporting stealer operations were confiscated;
- 32 suspects were arrested;
- more than 100 GB of data was seized;
- 216,000 victims were notified of compromise.
It is also reported that law enforcement officers have identified a large cluster of 117 servers in Hong Kong, hosted by almost 90 providers, which were used as C&C infrastructure in phishing operations by criminals, and were also involved in various frauds.
Vietnamese police, which took part in the operation, said they arrested 18 suspects, including the leader of a criminal group that sold access to corporate accounts.
In addition, private information security companies took part in Operation Secure, including Kaspersky Lab , Group-IB and Trend Micro .
According to Group-IB specialists, as a result of law enforcement actions, the infrastructure associated with Lumma, RisePro and META Stealer malware was affected.
The researchers report that they have passed on important information to the authorities about the activities of the identified malware operators and their infrastructure. Group-IB also tracked the attackers' accounts on Telegram and the darknet, which were used to advertise malware and sell stolen data.
Let us recall that this is the second "attack" by law enforcement agencies on Lumma's infrastructure in recent months. Earlier, in May 2025 , the US Department of Justice, the FBI and Microsoft confiscated about 2,300 domains associated with the stealer's activities.