In close cooperation with member countries, the private sector and national Computer Emergency Response Teams (CERTs), we help coordinate transnational cybercrime investigations and operations worldwide.
After detecting a global cryptojacking campaign exploiting a vulnerability in MikroTik routers, INTERPOL coordinated Operation Goldfish Alpha in Southeast Asia, where more than 20,000 hacked routers were initially identified. Cybercrime investigators and experts from police and national Computer Emergency Response Teams (CERTs) in the region worked together to locate the infected routers, alert the victims and patch the devices so they were no longer under the control of the cybercriminals, reducing the number of infections by 78 per cent.
Data provided by a private cybersecurity partner identified a strain of malware infecting e-commerce websites to steal payment card details and personal data. Using this data, under Operation Night Fury INTERPOL issued Cyber Activity Reports to the affected countries, highlighting the threat to support their national investigations. As a result, three cybercriminals were arrested in Indonesia with INTERPOL assistance.
INTERPOL has led several operations across different regions targeting organized cybercrime activity. These ‘cyber surges’ brought together investigators to act on threat information developed with private sector partners.
- ASEAN – The ASEAN operation combined the expertise of police and the private sector to identify Command and Control servers spreading various types of malware, leading to the discovery of nearly 270 compromised websites, including government portals. A number of phishing website operators were also identified, including one with links to Nigeria. One criminal based in Indonesia selling phishing kits via the Darknet had posted YouTube videos showing customers how to use the illicit software.
- AMERICAS – Participating countries carried out on-the-ground action against cybercriminal infrastructures in the region based on intelligence provided by INTERPOL. Investigations led to the identification of 26 affected government websites, six hacker groups and several individual hackers, and information on nearly 40 phishing and malware distribution cases concerning 3,700 active cyberthreats.