An international operation aimed at countering the rising threat of phishing, banking malware, and ransomware attacks globally has successfully dismantled command-and-control (C2) servers across Africa and the Middle East. Led by Interpol, the Synergia operation engaged 60 law enforcement agencies, including 17 from the Middle East and Africa (MEA) region.
Notably, significant takedowns occurred in South Sudan and Zimbabwe, resulting in four arrests. Kuwait law enforcement collaborated with Internet Service Providers (ISPs) to identify victims, conduct field investigations, and provide technical guidance to mitigate the impacts of cyber threats.
Collaborating with local law enforcement and cybersecurity firms such as Group-IB, Kaspersky, Shadowserver, Team Cymru, and Trend Micro, Interpol executed the operation from September to November. The global initiative led to the arrest of 31 individuals and the identification of 70 additional suspects.
Beyond the MEA region, the operation yielded notable results worldwide:
- Europe witnessed the majority of C2 server takedowns, resulting in 26 arrests.
- The Hong Kong and Singapore Police successfully took down 153 and 86 servers, respectively.
- Bolivia mobilized various public authorities to identify malware and vulnerabilities.
Synergia also uncovered malicious infrastructure and resources in over 50 countries, spread across 200 web hosting providers globally. Currently, 70% of the C2 servers have been taken offline, with the remainder under investigation.
Bernardo Pillot, Assistant Director to the Interpol Cybercrime Directorate, emphasized the collaborative efforts of multiple countries and partners, underscoring the commitment to safeguarding the digital space. By dismantling the infrastructure supporting phishing, banking malware, and ransomware attacks, the operation aims to create a more secure online environment for users worldwide.