Law enforcement bin 45,000 malicious IPs

Nearly 100 arrests made around the world – so far

An international operation, coordinated by Interpol, has taken down more than 45,000 malicious IP addresses and servers, and seized over 200 devices.

Operation Synergia III ran between July 2025 and January this year, targeting phishing, malware and ransomware schemes.

Interpol described some of the key cases in the operation to demonstrate the breadth of criminal activity involved. They include more than 33,000 malicious websites hosted in Macau, China; a fraud ring operating from a residential area in Togo, where authorities made 10 arrests; and 40 suspects arrested in Bangladesh accused of a range of schemes, including scams, fraud and identity theft.

Seventy-two countries, from Angola to Zimbabwe, were involved in the operation, as well as private companies Group-IB, Trend Micro and S2W.

Robert McArdle, director of cybercrime research at TrendAI (a business unit of Trend Micro) said the operation “highlights the value of close collaboration between law enforcement and the cybersecurity community.”

He added, “Behind every malicious server or phishing kit sits a wider criminal ecosystem that needs to be mapped and understood before arrests become possible.”

In total authorities arrested 94 people as part of the operation and have a further 110 under investigation.

Operation Synergia III’s conclusion comes just a week after authorities scored two major wins: first taking down prominent crime forum Leakbase, and then shutting down phishing platform Tycoon2FA.

This follows Operation Endgame in 2024, the impact of which was still being felt in the cybercrime community last May.