An international cybercrime operation coordinated by the International Criminal Police Organization, known as INTERPOL, has taken down more than 45,000 malicious IP addresses and servers linked to online criminal activity.
The action was carried out under Operation Synergia III, an investigation conducted between July 2025 and January 2026 with the participation of law enforcement agencies from 72 countries and territories. The operation targeted infrastructure used in phishing, malware distribution, ransomware campaigns, and other cybercrime activity.
According to INTERPOL, investigators worked with national authorities and private sector partners to identify malicious digital infrastructure used by cybercriminal groups. The coordinated effort led to the removal or disruption of more than 45,000 IP addresses connected to illegal operations online.
The operation also resulted in enforcement actions against suspected cybercriminals. Authorities arrested 94 individuals connected to the activity and opened investigations into 110 additional suspects believed to be linked to the networks under investigation.
During the investigation, law enforcement agencies seized more than 200 electronic devices and servers believed to be part of the infrastructure used to support cybercrime campaigns. These systems were reportedly used to host malicious websites, phishing pages, or command and control systems used to manage malware operations.
Officials said the infrastructure was used in a range of cybercrime activities, including credential phishing, malware distribution, and ransomware attacks targeting individuals and organizations. The operation focused on identifying and disrupting servers and network resources used by these criminal groups.
Investigators also identified large clusters of malicious activity in several locations. Authorities reported that thousands of fraudulent websites designed to imitate banks and government services were uncovered during the investigation. These sites were used to collect login credentials and other personal information from victims.
Operation Synergia III involved collaboration between police agencies and cybersecurity companies that provided threat intelligence to help map cybercriminal infrastructure. According to INTERPOL, the information helped investigators connect malicious IP addresses, servers, and domains to larger criminal networks operating across multiple jurisdictions.
INTERPOL’s Cybercrime Directorate said the operation demonstrates how coordinated international action can be used to disrupt digital infrastructure used in global cybercrime. Authorities said investigations connected to the operation remain ongoing as law enforcement agencies continue to analyze seized data and pursue additional suspects.