INTERPOL Busts 20,000 Malicious IPs in Global Sweep

Interpol said it has dismantled more than 20,000 malicious internet addresses and domains tied to 69 strains of information-stealing malware, as part of a coordinated global crackdown on cybercrime.

The operation, dubbed Operation Secure, ran from January through April 2025 and involved law enforcement agencies from 26 countries. Authorities worked together to identify the malicious infrastructure, trace physical networks, and carry out targeted takedowns of affected servers.

The effort targeted IP addresses and domains used to host or deliver malware designed to steal sensitive data from individuals and organizations. The scale of the operation underscores the growing threat posed by information-stealing malware, which continues to be a common tool among cybercriminals.

Interpol did not disclose the names of the malware variants removed, but the operation reflects an increasing emphasis on international cooperation in combating cyber threats. The agency said the takedowns would significantly disrupt cybercriminal activities linked to these IPs and malware strains.