Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, took part in a global INTERPOL-led law enforcement operation named Synergia, aimed at combating the surge of phishing, banking malware, and ransomware attacks in more than 50 countries. As part of the global operation, the Group-IB team identified more than 500 IP addresses hosting phishing resources and over 1,900 IP addresses associated with ransomware, Trojans, and banking malware operations. This information was then shared with the task force for further coordinated action. The operation, which ran from September to November 2023, resulted in the apprehension of 31 individuals, the identification of an additional 70 suspects, and the takedown of hundreds of command-and-control (C2) servers.
The three-month-long Operation Synergia was launched in response to the growth, escalation, and professionalization of transnational cybercrime and the need for coordinated action against emerging cyber threats. The operation brought together 60 law enforcement agencies spanning over 50 INTERPOL member countries as well as INTERPOL’s private sector Gateway Partners, with officers conducting house searches and seizing servers as well as electronic devices. To date, 70% of the C2 servers identified have been taken down, with the remainder currently under investigation.
Operation Synergia's impact extended to the Asia-Pacific, Europe, the Middle East & Africa, and other regions. Group-IB’s Threat Intelligence and High-Tech Crime Investigation teams collected and shared information about 500+ IP addresses hosting phishing sites and more than 1,900 IP addresses used by ransomware, Trojan and other malware operators. The identified malicious resources were found to be hosted in more than 50 countries, including Australia, Canada, Hong Kong, Singapore, and others. The malicious infrastructure used by the threat actors was distributed across 200+ web hosting providers around the world.
As a result, Hong Kong and Singapore Police dismantled 153 and 86 servers, respectively. Most of the C2 servers taken down were in Europe, where 26 people were arrested. On the African continent, South Sudan and Zimbabwe reported the highest number of takedowns, resulting in the arrest of four suspects. Meanwhile, Kuwait worked closely with Internet Service Providers to identify victims, conduct field investigations, and offer technical guidance to mitigate impacts.
“The results of this operation, achieved through the collective efforts of multiple countries and partners, show our unwavering commitment to safeguarding the digital space,” said Bernardo Pillot, Assistant Director to INTERPOL Cybercrime Directorate. “By dismantling the infrastructure behind phishing, banking malware, and ransomware attacks, we are one step closer to protecting our digital ecosystems and a safer, more secure online experience for all.”
"Operation Synergia has shown that the synergy of global law enforcement, national cyber police forces, and the private sector is paramount,” said Dmitry Volkov, CEO and co-founder of Group-IB. “Together, we forge a collective front, sharing cyber intelligence, and best practices to fight cybercrime. This approach highlights the pivotal role collaboration and effective data sharing plays in reducing the global impact of cybercrime.”