Joint INTERPOL operation brings down thousands of Southeast Asian malware sites
An INTERPOL joint operation in Southeast Asia has resulted in the discovery and shutdown of 8,880 command-and-control servers and 270 compromised websites.
The investigation exposed threats including malware attacks against banks and other institutions, ransomware, distributed denial-of-service attacks and spam campaigns. It included authorities from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam with support from Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks.
Most of the infected websites identified had been compromised via an unnamed WordPress plugin, but perhaps more disturbingly, several government websites were identified as being infected and used for nefarious purposes.
By the numbers, 40 live phishing sites were discovered by the investigation, along with 454 live dating scam sites, 66 tech support scam sites, 119 malware-hosting sites, six keylogger dropzone sites and a number of weight-loss and other scam sites. The investigation also managed to identify a number of phishing website operators, including one with links to Nigeria, while another based in Indonesia was selling phishing kits via the dark web.
In a statement, INTERPOL said the investigation showed how a joint effort between governments and private industry can work efficiently together in combating cyber crime.
“With direct access to the information, expertise and capabilities of the private sector and specialists from the [INTERPOL] Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” INTERPOL Global Complex for Innovation Executive Director Noboru Nakatani said.
Investigations into the C&C servers, along with those behind them, are ongoing based on leads discovered during the investigation.