INTERPOL Operation Synergia III Disrupts Global Phishing and Fraud Infrastructure
INTERPOL said Operation Synergia III led to the arrest of 94 suspects, the seizure of 212 devices and servers, and the sinkholing or takedown of more than 45,000 malicious IP addresses tied to cybercrime infrastructure across 72 countries and territories. The operation ran from July 2025 through January 2026 and targeted infrastructure supporting phishing, malware, ransomware, romance scams, credit card fraud, and related online fraud. Authorities said 110 additional individuals remain under investigation, underscoring that follow-on enforcement activity is still ongoing.
Preliminary case details show broad international participation and a focus on both technical infrastructure and fraud operators. In Macau, investigators identified more than 33,000 phishing and fraudulent websites, including fake casino, banking, government, payment, and other critical-service sites used to steal credentials and payment data. In Bangladesh, authorities arrested 40 suspects and seized 134 devices linked to loan scams, employment scams, identity theft, and credit card fraud, while in Togo police arrested 10 suspects tied to a fraud ring whose members split responsibilities between account compromise and social-engineering schemes such as romance and sextortion scams. The reporting describes a coordinated law-enforcement disruption of active criminal infrastructure rather than a vendor announcement or generic security guidance.
Timeline
Mar 13, 2026
INTERPOL publicly announces Operation Synergia III results
INTERPOL disclosed the results of Operation Synergia III, highlighting the scale of the multinational crackdown and the role of cross-border law enforcement and private-sector intelligence sharing.
Jan 31, 2026
Operation Synergia III concludes with 45,000 IPs disrupted and 94 arrests
The operation ended on 2026-01-31 after sinkholing or taking down more than 45,000 malicious IP addresses and servers, seizing 212 devices and servers, arresting 94 people, and placing 110 more under investigation.
Jan 31, 2026
India raids Pyypl-linked fraud network and detains key suspect
India's Central Bureau of Investigation searched locations across four states in a transnational online investment and part-time job fraud case linked to Dubai-based fintech platform Pyypl, and identified Ashok Kumar Sharma as a key member taken into custody.
Jan 31, 2026
Bangladesh arrests 40 suspects and seizes 134 devices
Bangladeshi authorities took major enforcement action against a cybercrime network tied to scams, identity theft, and credit card fraud, arresting 40 people and seizing 134 devices.
Jan 31, 2026
Togo dismantles fraud ring and arrests 10 suspects
Authorities in Togo disrupted a fraud ring involved in hacking, romance scams, sextortion, and related fraud schemes, resulting in 10 arrests during the operation.
Jan 31, 2026
Macau identifies more than 33,000 phishing and fraudulent websites
During Operation Synergia III, authorities in Macau, China identified over 33,000 phishing and fraud websites, including sites impersonating casinos, banks, and government platforms.
Jul 18, 2025
Operation Synergia III begins across 72 countries and territories
INTERPOL launched Operation Synergia III on 2025-07-18 to disrupt cybercrime infrastructure tied to phishing, malware, ransomware, and related fraud, with support from private-sector partners Group-IB, Trend Micro, and S2W.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Sources
3 more from sources like interpol, data breaches net and register security
Related Stories
INTERPOL Operation Red Card 2.0 African Cybercrime Crackdown
**INTERPOL’s Operation Red Card 2.0**, coordinated under the **African Joint Operation against Cybercrime (AFJOC)**, resulted in **651 arrests** across **16 African countries** and the recovery of **over $4.3 million** tied to online scam activity. The operation ran from **December 8, 2025 to January 30, 2026**, identified **1,247 victims**, and targeted criminal activity linked to **over $45 million** in losses, including **high-yield investment fraud**, **mobile money fraud**, and **fraudulent mobile loan applications**. Law enforcement reported significant disruption activity, including the seizure of **2,341 devices** and takedowns of **1,442 malicious IPs/domains/servers (and related infrastructure)**. Notable actions included Nigeria dismantling an investment-fraud ring that leveraged **phishing, identity theft, and social engineering** (with **1,000+ fraudulent social media accounts** removed) and arresting **six suspects** accused of breaching a major telecom provider using **compromised staff credentials** to steal airtime/data for resale; Kenya arrested **27 suspects** tied to social-media/messaging-driven fraud schemes; and Côte d’Ivoire arrested **58 suspects** linked to predatory loan-app activity with hidden fees and abusive collection practices.
1 months ago
European Law Enforcement Takedowns of Phishing and Investment-Fraud Networks
European law enforcement reported multiple cyber-enabled fraud disruptions, including a Eurojust-supported operation that dismantled a **fraudulent call-centre network** operating from three offices in Dnipro. Authorities from Latvia, Lithuania, and Ukraine arrested **11 suspects**, seized **more than €400,000** in cash, and collected electronic evidence (computers, SIM cards, documents) during searches at **32 locations**. The group allegedly ran a fake cryptocurrency investment platform and used **remote access software** to gain access to victims’ online banking and move funds to accounts and crypto wallets under their control. Separately, Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group operating in Poland and Germany that used **phishing** to hijack Facebook accounts and extract **BLIK** payment codes. Investigators identified **11 group members**, placed **six** in pretrial detention, and seized **over 100,000** stolen Facebook credentials; prosecutors filed **400+ charges** including unauthorized access, online fraud, and money laundering. A South Korean case involving the breach of Seoul’s bike-hire service *Ttareungyi* (4.62 million users affected) is a distinct incident and not part of the European takedown actions described above.
1 months ago
Law Enforcement Disrupts Cybercrime Networks and Arrests Ransomware and Fraud Suspects
International and national law enforcement actions were reported targeting a range of cybercrime activity, including ransomware, extortion, and large-scale fraud. SentinelOne summarized multiple cases: Dutch authorities arrested a man accused of attempting to extort officials after receiving sensitive documents by mistake and refusing to delete them; Polish authorities detained a suspect linked to the **Phobos** ransomware-as-a-service ecosystem as part of Europol-coordinated **Operation Aether**, seizing materials such as stolen credentials and access information; and **Operation Red Card 2.0** (coordinated through Interpol/AFJOC) resulted in hundreds of arrests across multiple African countries, along with seizures of devices, takedowns of malicious sites, and recovery of funds tied to investment fraud and mobile-money/loan scams. Separately, Security Affairs’ weekly newsletter highlighted additional ongoing cyber risk items that align with the same broad theme of active cybercrime and enforcement pressure, including an **FBI warning** about a surge in **ATM jackpotting** losses and reporting on **Operation Red Card 2.0**. Other items in the Security Affairs roundup (e.g., additions to CISA’s KEV catalog, vendor/software issues, and various malware reports) were presented as a curated link list rather than a single unified incident. A SOCRadar profile on the China-attributed **Lotus Blossom** espionage group and a Tom’s Hardware historical piece on the first computer search warrant are not part of the law-enforcement disruption story and do not materially support the same specific event narrative.
1 months ago