Group-IB supports INTERPOL operation targeting human trafficking on content subscription platforms

Group-IB, a leading creator of predictive cybersecurity technologies to investigate, prevent, and fight digital crime, contributed intelligence support to Operation CyberProtect III (19–22 May 2026), a joint law enforcement operation co-organized by INTERPOL and the Organization for Security and Co-operation in Europe (OSCE) targeting the growing exploitation of subscription-based content platforms to facilitate human trafficking and sexual exploitation.

INTERPOL operation

Group-IB intelligence maps criminal infrastructure and financial trails

Bringing together 14 law enforcement officers from Germany, Netherlands, Romania, Spain, Sweden, Ukraine, and the United Kingdom, the operation’s hackathon format — a focused collaborative event using digital tools to address a specific policing challenge — generated 34 suspicious cases, 18 suspect profiles, and 27 potential victims. To support the operation, Group-IB deployed its Threat Intelligence Graph — an interactive visualization tool within its Unified Risk Platform that maps complex, disparate data into a clear investigative storyline, connecting threat actors, network infrastructure, and indicators of compromise in real time — alongside analyst expertise to conduct database checks and discovery intelligence analysis. This work surfaced relevant accounts and activity linked to potential exploitation networks, with the team identifying additional potential threat actor infrastructure.

How organized crime weaponizes content subscription platforms

Organized crime networks are increasingly weaponizing content subscription services — platforms commonly associated with sexually explicit material — to recruit and sexually exploit women, minors, and vulnerable adults. Victims are lured with promises of income before being coerced into exploitative content production. A modus operandi highlighted in an INTERPOL Purple Notice published in February 2026 describes criminal groups masquerading as legitimate modelling agencies: once a victim is engaged, the group seizes control of their account, retains the majority of earnings, and applies escalating psychological pressure and coercion to compel increasingly explicit content production.

Operation uncovers emerging tactics across seven European countries

Operation CyberProtect III exposed a range of emerging tactics and trends driving online sexual exploitation. Key findings included:

A high prevalence of advertisements featuring female models from South America, highlighting the region as a key origin point for both real-life and virtual sexual exploitation.
Recruiters using encrypted messaging platforms to target potential victims, including requests for nude images without age verification.
Content producers being bought and sold for significant sums; one messaging group involved in this activity was found to contain up to 28,000 advertisements.
Cryptocurrencies and diamond emojis — transferable to virtual currencies — used as payment mechanisms, with rates as low as USD 3 for 25 minutes of private video from a content maker.
Criminal groups leveraging social media platforms to exchange strategies and recruit others into so-called “e-pimping” — the use of digital tools to orchestrate exploitation at scale.
Artificial intelligence used to generate fake profiles to complement human-led content operations.

“Criminal networks that weaponize digital platforms to traffic and coerce vulnerable people are among the most damaging actors in today’s threat landscape. Group-IB’s contribution to Operation CyberProtect III reflects our adversary-centric approach — mapping the infrastructure, recruitment channels, and financial flows these networks depend on to deliver intelligence that investigators can act on immediately. Our collaboration with INTERPOL is central to how Group-IB operates: we believe that predictive, intelligence-driven cooperation between the private sector and law enforcement is the most effective way to dismantle the criminal ecosystems behind these crimes, and to protect the people they target.”

Dmitry Volkov

CEO of Group-IB

Operation CyberProtect III was co-organized by INTERPOL and OSCE, and supported by Cybercrime Atlas, Diaconiía, the Dutch National Rapporteur on Trafficking in Human Beings and Sexual Violence against Children, Europol, Group-IB, META, S2W, STOP THE TRAFFIK, and TikTok. Participating countries included Germany, Netherlands, Romania, Spain, Sweden, Ukraine, and the United Kingdom.

About Group-IB

Established in 2003, Group-IB is a leading creator of predictive cybersecurity technologies to investigate, prevent, and fight digital crime globally. Headquartered in Singapore, and with Digital Crime Resistance Centers in the Americas, Europe, Middle East and Africa, Central Asia, and the Asia-Pacific, Group-IB delivers predictive, intelligence-driven defense by analysing and neutralizing regional and country-specific cyber threats via its Unified Risk Platform, offering unparalleled defense through its industry-leading Cyber Fraud Intelligence Platform, Cloud Security Posture Management, Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection, and External Attack Surface Management solutions, catering to government, retail, healthcare, gaming, financial sectors, and beyond. Group-IB collaborates with international law enforcement agencies like INTERPOL, Europol, and AFRIPOL to fortify cybersecurity worldwide, and has been awarded by advisory agencies including Datos Insights, Gartner, Forrester, Frost & Sullivan, and KuppingerCole.

For more information, visit us at www.group-ib.com or connect with us on LinkedIn, X, Facebook, and Instagram.

Discover our podcasts to hear from leading voices on Masked Actors and Fraud Intel, where top cybersecurity experts share real-world experiences, emerging trends, and practical insights to help you stay one step ahead in the fight against cyber crime.