Worldwide law enforcement initiative focuses on dismantling info-stealing malware software

Law enforcement agencies from multiple nations arrested 32 individuals and seized several servers.


In a significant move against cybercrime, Operation Serengeti 2.0, a recent initiative coordinated by INTERPOL, has resulted in the dismantling of malware-related networks across Africa and Asia. This operation, which took place between June and August 2025, involved collaboration with cybersecurity firms such as Fortinet, Group-IB, Kaspersky, Trend Micro, and others.

The operation led to the arrest of 1,209 cybercriminals involved in large-scale operations targeting over 87,000 victims with estimated losses approaching $485 million. The dismantling of these networks also included the takedown of 11,432 malicious infrastructure assets, including command-and-control servers essential for running malware campaigns.

While the specific operation named "Operation Secure" is not separately identified, Operation Serengeti 2.0 broadly targeted a variety of cyber threats, including ransomware, online scams, business email compromise, and malware-related criminal infrastructure. Although "information-stealer" malware is not explicitly singled out, the dismantling of command-and-control infrastructure disrupts such malware operations as well.

The operation involved significant collaboration between law enforcement agencies across 18 African countries and private cybersecurity firms. This collaboration enabled the disruption of a major cybercriminal network, highlighting the growing importance of public-private partnerships in combating malware and cybercrime.

Operation Serengeti 2.0 also involved proactive threat identification and prevention strategies. Partnerships such as the International Cyber Offender Prevention Network (InterCOP) aimed to shift from reactive to proactive disruption of cyber threats, which would include malware networks.

After the operation ended, law enforcement contacted more than 216,000 confirmed and suspected victims, warning them to change their passwords and check their accounts for unauthorized access. Cybercriminals often use infostealer malware to extract sensitive data such as passwords and credit card numbers, which they then sell on the dark web for further attacks, including ransomware and fraud.

During the operation, a total of 41 servers were seized, and authorities were able to take down 79 percent of identified suspicious IP addresses. The servers were used as central hubs to launch and manage malicious campaigns, including phishing, online fraud, and social media scams. Notable arrests occurred in the Micronesian nation of Nauru, Sri Lanka, and Vietnam, including the alleged leader of the targeted group.

This operation significantly reduced the criminal capacity to deploy malware, including information-stealers, by neutralizing tens of thousands of malicious assets and networks. As a result, the cyber threat landscape is expected to be significantly altered, making the internet a safer place for users worldwide.

  1. Operation Serengeti 2.0 targeted a variety of cyber threats, such as ransomware, online scams, business email compromise, and malware-related criminal infrastructure.
  2. The collaboration between law enforcement agencies in 18 African countries and private cybersecurity firms during Operation Serengeti 2.0 disrupted a major cybercriminal network involved in phishing, online fraud, and social media scams that relied on malware, including infostealers.
  3. The proactive threat identification and prevention strategies adopted in Operation Serengeti 2.0 enabled the seizure of 41 servers and the takedown of 79 percent of identified suspicious IP addresses, thus neutralizing thousands of malicious assets and networks.
  4. By targeting and dismantling malware networks, Operation Serengeti 2.0 significantly reduced the criminal capacity to deploy malware, including phishing, information-stealers, and ransomware, making the technology-driven world a safer place for users worldwide.
