Operation Secure: International Law Enforcement Dismantles Global Infostealer Network

CyberSecureFox 🦊

A comprehensive four-month international cybersecurity operation has successfully disrupted a sophisticated global infostealer infrastructure, resulting in 32 arrests across 26 countries and the seizure of numerous command-and-control servers. Codenamed “Operation Secure,” this coordinated law enforcement effort represents one of the most significant strikes against information-stealing malware networks in recent years.

Coordinated Global Response to Cyber Threats

Running from January through April 2025, Operation Secure was orchestrated by Interpol and specifically targeted Asian cybercriminal groups specializing in developing and distributing information-stealing malware. The operation’s international scope underscores the borderless nature of modern cyber threats and the critical need for coordinated global responses.

Law enforcement agencies focused particularly on Hong Kong’s infrastructure, where investigators uncovered a massive cluster of 117 servers distributed across nearly 90 different hosting providers. These servers functioned as command-and-control centers for phishing campaigns and various fraudulent schemes, demonstrating the sophisticated nature of modern cybercriminal operations.

Vietnam Delivers Major Breakthrough

Vietnamese authorities achieved the operation’s most significant success, apprehending 18 suspects including the leader of a criminal organization specializing in selling access to compromised corporate accounts. This arrest is particularly significant as the trade in compromised credentials represents a fundamental component of the cybercrime ecosystem, enabling various downstream criminal activities.

Private Sector Collaboration Proves Essential

The operation’s success was made possible through unprecedented cooperation between law enforcement and leading cybersecurity firms. Kaspersky Lab, Group-IB, and Trend Micro provided crucial technical expertise and threat intelligence that enabled authorities to identify and dismantle the criminal infrastructure effectively.

Group-IB researchers reported that the operation significantly damaged infrastructure associated with dangerous malware families including Lumma Stealer, RisePro, and META Stealer. The cybersecurity firm provided detailed intelligence on malware operators’ methodologies and technical infrastructure characteristics, enabling targeted law enforcement action.

Disrupting Underground Digital Economy

A critical achievement of Operation Secure was identifying and blocking malware distribution channels operating through Telegram messaging platforms and darknet marketplaces. Group-IB experts tracked cybercriminal accounts used for advertising infostealers and selling stolen personal data, delivering a substantial blow to the shadow digital economy that enables these criminal enterprises.

Continued Pressure on Lumma Stealer Operations

Operation Secure represents the second major offensive against Lumma Stealer infrastructure within recent months. Previously, in May 2025, the U.S. Department of Justice, FBI, and Microsoft collaborated to seize approximately 2,300 domains connected to this dangerous information-stealing malware, demonstrating sustained international pressure on these criminal networks.

Understanding Infostealer Threats

Infostealers constitute specialized malicious software designed to extract confidential information from infected devices. These programs can harvest passwords, banking credentials, cryptocurrency wallets, and other sensitive data, which is subsequently sold on underground markets. The stolen information often enables identity theft, financial fraud, and corporate espionage.

The success of Operation Secure demonstrates the effectiveness of coordinated international law enforcement efforts against transnational cybercrime. However, cybersecurity experts emphasize that combating infostealers requires continuous vigilance from both authorities and individual users. Organizations and individuals must maintain robust cybersecurity practices, including regular software updates, multi-factor authentication, and comprehensive endpoint protection solutions to defend against evolving threats in the digital landscape.
