Original Article Text

Operation Secure disrupts global infostealer malware operations.

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns.

Led by Interpol and conducted from January to April 2025, the operation focused on disrupting infostealer malware groups that steal financial and personal data through widespread infections.

The data stolen by infostealers commonly includes account credentials, browser cookies, and cryptocurrency wallet details. This data is then compiled into "logs" and sold on cybercrime markets or used in targeted attacks against high-value victims.

The results of Operation Secure are significant, resulting in:

The authorities also identified a large cluster of 117 servers in Hong Kong that were used as command-and-control (C2) infrastructure for phishing, online fraud, and social media scam operations.

A highlight of the action comes from the Vietnamese police, who arrested 18 suspects, including a leader of a cybercrime group dedicated to the selling of corporate accounts.

Operation Secure was also assisted by private cybersecurity partners, including Kaspersky, Group-IB, and Trend Micro. In a report shared with BleepingComputer, Group-IB specifies that the action has impacted infrastructure tied to Lumma, RisePro, and the META Stealer.

The researchers provided mission-critical intelligence to the authorities on the activity of the identified operators and infrastructure. Group-IB also tracked the operators' Telegram and dark web accounts that were used to advertise the malware and sell stolen data.

This is the second significant disruption for Lumma Stealer, following another international effort led by the U.S. DoJ, the FBI, and Microsoft in May 2025. During that action, the authorities seized 2,300 domains associated with the malware-as-a-service information stealer operation, whose access was sold to other cybercriminals for a subscription between $250 and $1,000.

META also suffered a disruption previously, in October 2024, when 'Operation Magnus' seized infrastructure and data associated with the cybercrime platform.

Infostealers have become a major cybersecurity threat in recent years, fueling many high-profile breaches we regularly report on. Stolen data from these malware infections has been linked to incidents at UnitedHealth, PowerSchool, HotTopic, CircleCI, and Snowflake.

Daily Brief Summary

MALWARE // Global Crackdown on Infostealer Malware Leads to Multiple Arrests

International law enforcement action "Operation Secure" targeted global infostealer malware operations across 26 countries, resulting in 32 arrests.

The action focused on dismantling criminal groups stealing financial and personal data, with significant data seizures and server takedowns.

Vietnamese police arrested 18 individuals, including a leader of a cybercrime group involved in selling corporate accounts.

Authorities identified 117 servers in Hong Kong used for phishing, online fraud, and social media scams.

Private cybersecurity firms such as Kaspersky, Group-IB, and Trend Micro provided critical support and intelligence.

Previous disruptions include a significant takedown involving the U.S. Department of Justice, the FBI, and Microsoft, which seized over 2,300 domains associated with Lumma Stealer.

The same malware operations have been linked to major data breaches at companies like UnitedHealth, PowerSchool, and Snowflake.