Group-IB contributes to INTERPOL-led operation Synergia targeting ransomware, banking malware, and phishing threats in 50+ countries

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, took part in a global INTERPOL-led law enforcement operation named Synergia, aimed at combating the surge of phishing, banking malware, and ransomware attacks in more than 50 countries. As part of the global operation, the Group-IB team identified more than 500 IP addresses hosting phishing resources and over 1,900 IP addresses associated with ransomware, Trojans, and banking malware operations. This information was then shared with the task force for further coordinated action. The operation, which ran from September to November 2023, resulted in the apprehension of 31 individuals, the identification of an additional 70 suspects, and the takedown of hundreds of command-and-control (C2) servers.

The three-month-long Operation Synergia was launched in response to the growth, escalation, and professionalization of transnational cybercrime and the need for coordinated action against emerging cyber threats. The operation brought together 60 law enforcement agencies spanning over 50 INTERPOL member countries as well as INTERPOL’s private sector Gateway Partners, with officers conducting house searches and seizing servers as well as electronic devices. To date, 70% of the C2 servers identified have been taken down, with the remainder currently under investigation.

Operation Synergia’s impact extended to the Asia-Pacific, Europe, the Middle East & Africa, and other regions. Group-IB’s Threat Intelligence and High-Tech Crime Investigation teams collected and shared information about 500+ IP addresses hosting phishing sites and more than 1,900 IP addresses used by ransomware, Trojan and other malware operators. The identified malicious resources were found to be hosted in more than 50 countries, including Australia, Canada, Hong Kong, Singapore, and others. The malicious infrastructure used by the threat actors was distributed across 200+ web hosting providers around the world.

As a result, Hong Kong and Singapore Police dismantled 153 and 86 servers, respectively. Most of the C2 servers taken down were in Europe, where 26 people were arrested. On the African continent, South Sudan and Zimbabwe reported the highest number of takedowns, resulting in the arrest of four suspects. Meanwhile, Kuwait worked closely with Internet Service Providers to identify victims, conduct field investigations, and offer technical guidance to mitigate impacts.

“The results of this operation, achieved through the collective efforts of multiple countries and partners, show our unwavering commitment to safeguarding the digital space. By dismantling the infrastructure behind phishing, banking malware, and ransomware attacks, we are one step closer to protecting our digital ecosystems and a safer, more secure online experience for all.”

Bernardo Pillot

Assistant Director to INTERPOL Cybercrime Directorate

“Operation Synergia has shown that the synergy of global law enforcement, national cyber police forces, and the private sector is paramount. Together, we forge a collective front, sharing cyber intelligence and best practices to fight cybercrime. This approach highlights the pivotal role collaboration and effective data sharing play in reducing the global impact of cybercrime.”

Dmitry Volkov

CEO and co-founder of Group-IB

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.