The cybercrime scene has again demonstrated its global reach: in a coordinated multinational operation, authorities put tens of thousands of digital resources out of service that served as a basis for scams, malware and Ransomware campaigns. According to the INTERPOL 45,000 IP addresses and malicious servers were disabled in the framework of the third phase of Operation Synergia, which brought together security forces from 72 countries and territories. The aim was to disarm criminal infrastructure and cut the roads that allow massive scams and automated attacks.
The numbers that have been made public give an idea of the magnitude: 94 people arrested the authorities and 110 others are still under investigation, while 212 devices and servers were seized in different records. But beyond figures, local accounts help to understand how this effort translates into concrete blows against criminal networks. In Bangladesh, for example, the action left 40 detainees and the confiscation of 134 devices linked to a variety of fraud ranging from false job offers to identity theft and card fraud.
In Togo, research revealed a band operating from homes, combining intrusion techniques in social media accounts with sophisticated social engineering strategies. After unlicensed access to foreign profiles, the criminals contacted the victims' contacts by supplanting their identity, initiating alleged romantic relationships or sexual extortion to pressure these people to send money. It is a form of chain scam: the initial victim serves as a bridge to deceive third parties, and the benefit of fraud is multiplied with each secondary victim.
Another edge of the operation was Macau, where more than 33,000 fraudulent websites were identified. Many of these portals were used for casinos and essential services - banks, government agencies and payment platforms - with the intention of users completing forms, recharging balances or introducing personal data. These pages show the other side of cybercrime: it is not always a visible malware, but of traps designed for people to deliver their credentials or money on their own.
Behind these coordinated actions is a sustained effort to exchange intelligence and collaboration between public forces and, in many cases, with the private sector. Operations such as Synergia are not improvised: they need to track infrastructure housed in multiple jurisdictions, raise forensic evidence and block funding routes that often cross banks, payment services and technology platforms. The work of agencies such as the Europol which articulates support for such operations in Europe.
In parallel to the actions of INTERPOL, India explained a comprehensive investigation into an alleged transnational fraud network using a Dubai-based fintech platform called Pyypl as one of the money-laundering nodes. The Central Bureau of Investigation (CBI) from India reported simultaneous searches in 15 homes and noted that thousands of people had been induced to deliver money through investment schemes and false job offers. According to the agency, the fraudsters convinced the victims to make small deposits to show alleged returns and then requested higher amounts.
The laundering mechanics described by the authorities combine well-known and effective tactics to evade controls: quick transfers between "mule" accounts, removed in international cashiers with cards enabled to operate outside the country, recharges of digital purse and sometimes conversion of funds to cryptomonedas such as USDT to move money outside the traditional banking circuit. The use of wallets "white-listed" and local exchanges to convert fiat into stablecoins facilitates the transfer of funds to destinations that then consolidate them into screen companies, a practice that complicates the tracing of the illicit origin of money.
In the Indian action, bank accounts have been frozen, digital evidence and documents seized, and the authorities have been arrested as one of the organizers, Ashok Kumar Sharma. This type of case illustrates how a scam that starts with an attractive message on social networks can eventually generate chains of financial operations that cross borders and payment systems. For those investigating these crimes, the combination of digital evidence and financial cooperation is crucial; international organizations such as the FATF / FATF have been warning about the risks around cryptomonedas and the need for stricter controls on exchanges.
Understanding how these campaigns work helps to see why closing servers and IP addresses is just a part of the solution. Modern scams mix social engineering, seemingly legitimate platforms and collection routes that are designed to look like common operations in the financial system. Reports and analysis of the cybersecurity industry show that scammers prefer to start with small deposits to build confidence, show fictitious gains and, once credibility is gained, ask for larger amounts or access to sensitive data. In order to deepen the trends and tactics of the attackers, the threat analysis repository of specialized companies can be consulted. Proofpoint.
What lessons does all this leave for the common user? First, prudence with links and sites that ask for data or payments: many scams start with a convincing link that redirects to a perfect clone of a legitimate website. Secondly, distrust of financial promises that sound too good and review several sources before investing. And third, take basic security measures: multifactor authentication, bank movements review and, in the light of the slightest suspicion, contact the bank or platform involved before sending money. Authorities and companies can dismount infrastructure and close accounts, but the first defence barrier remains individual prevention.
The INTERPOL operation and the CBI investigations show that the police response can be effective when there is political will and international collaboration. However, the ability of criminals to adapt and reuse new technologies means that this is a long-term combat. The key will be to improve cooperation between countries, to strengthen the traceability of financial flows and to increase digital user literacy so that fewer people are victims of networks that are now operating globally.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...