Interpol operation Synergia takes down 1,300 servers used for cybercrime

February 2, 2024 at 10:33AM

The international law enforcement operation ‘Synergia’ successfully dismantled over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. This involved the collaboration of 60 law enforcement agencies from 55 countries and resulted in the identification of 1,900 IP addresses linked to cybercrime activities. Additionally, 31 individuals were detained, and 70 suspects were identified. This action significantly disrupted cybercriminal operations and demonstrates a commitment to safeguarding the digital space.

The international law enforcement operation named ‘Synergia’ resulted in the takedown of over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.

The operation, conducted between September and November 2023, included participation from 60 law enforcement agencies across 55 countries. As a result of this action, approximately 70% of the C2 servers identified were taken down, significantly disrupting cybercriminal activities.

The majority of the seized servers were located in Europe, with notable numbers also found in Singapore, Hong Kong, South Sudan, and Zimbabwe, as well as in Bolivia in the Americas. The operation led to the detention of 31 individuals believed to be connected to cybercrime operations and the identification of 70 suspects.

A statement from Bernardo Pillot, Interpol’s Cybercrime Assistant Director, emphasizes the collective efforts of multiple countries and partners in safeguarding the digital space and protecting against phishing, banking malware, and ransomware attacks.

Participating cyber-intelligence firms including Group-IB, Kaspersky, Trend Micro, Shadowserver, and Team Cymru played crucial roles in feeding investigations with vital data. Group-IB alone reported identifying over 1,900 IP addresses associated with ransomware, banking trojan, and malware operations.

While taking down C2 servers is a significant step in disrupting cybercrime activities and can provide intel for ongoing investigations, it’s noted that the process is not always foolproof due to certain botnets’ resilience and ransomware actors’ ability to switch to backup domains and servers.
