An operation to combat the wave of phishing, banking malware and ransomware attacks across the world has seen command and control (C2) servers taken down across Africa and the Middle East.
The one led by Interpol Synergy operation involved 60 law enforcement agencies, including 17 from across the Middle East and Africa (MEA) region. The greatest number of takedowns in Africa they went to South Sudan and Zimbabwe and resulted in four arrests. Meanwhile, Kuwait’s law enforcement agencies have been working closely with ISPs to “identify victims, conduct field investigations and offer technical assistance to mitigate impacts,” according to Interpol.
Interpol worked with local law enforcement agencies and external cybersecurity firms (including Group-IB, Kaspersky, ShadowServer, Team Cymru and TrendMicro). The operation ran from last September until November and led to the arrest of 31 people worldwide and the identification of a further 70 suspects.
Beyond the MEA region, Interpol reported other global findings as follows:
-
Most of the removed C2 servers were located in Europe, where 26 people were arrested;
-
Police in Hong Kong and Singapore blocked 153 and 86 servers respectively;
-
Bolivia has mobilized a number of public authorities to identify the malware and resulting vulnerabilities.
Operation Synergia also identified malicious infrastructure and resources in more than 50 countries, spread across more than 200 web hosting providers worldwide. So far, 70% of the command and control (C2) servers have been taken offline and the rest are under investigation.
“The results of this operation, achieved through the collective efforts of multiple countries and partners, show our continued commitment to safeguarding the digital space,” Bernardo Pillot, deputy director of Interpol’s Cybercrime Directorate, said in a statement. “By dismantling the infrastructure behind phishing, banking malwareAND ransomware attackswe are one step closer to protecting our digital ecosystems and a safer online experience for everyone.”