Authorities across 72 countries arrest 94 suspects while targeting servers linked to credential theft and extortion schemes.
On 13 March 2026, Interpol and partner agencies publicly disclosed that they had dismantled a massive cybercrime infrastructure, taking down nearly 45,000 malicious IP addresses and domains used for phishing, malware, and ransomware operations worldwide after a months-long crackdown spanning 72 countries.
The campaign, conducted under Operation Synergia III, resulted in 94 arrests as authorities targeted servers and hosting infrastructure underpinning credential theft, business email compromise, and extortion schemes that siphoned funds from victims across multiple regions.
Law enforcement agencies used threat intelligence from security vendors and national cyber units to map links between command-and-control servers, phishing kits, and monetization channels before moving to suspend or seize them in cooperation with infrastructure providers, according to reports.
The takedowns are part of a broader push against cyber-enabled financial crime, building on earlier operations such as HAECHI V, which led to more than 5,500 arrests and seizures exceeding US$400m in 2024. In that operation, member countries pursued a spectrum of perpetrators of scams, including voice phishing, romance fraud, sextortion, investment swindles, illegal online gambling, business email compromise, and e-commerce fraud.
Interpol is also warning of emerging cryptocurrency schemes, circulating a Purple Notice about a “USDT token approval” fraud that exploits wallet permissions to drain victims’ stablecoin balances.
The latest disruption of 45,000 malicious IPs is intended to blunt the infrastructure advantage enjoyed by cybercriminals, who rapidly retool phishing pages and malware distribution points to evade blacklists and law enforcement. The agency has increasingly paired takedown activity with its Global Rapid Intervention of Payments mechanism, which helps countries quickly freeze and recover stolen funds once a fraud pattern is detected.
The international police-cooperation network is urging more member states and private-sector partners to share indicators of compromise and payment data in near real time, arguing that coordinated global action is now essential as cybercrime groups shift between jurisdictions, payment rails, and digital assets to launder proceeds.


