Interpol reported that Operation Synergia III (July 2025–Jan 2026) led to the takedown of about 45,000 malicious IPs/servers and the seizure of 212 devices/servers, with 94 arrests announced. The operation targeted phishing, malware and ransomware infrastructure and involved private‑sector partners including Trend Micro.

Interpol said Operation Synergia III, running from July 2025 through January 2026, focused on dismantling large-scale phishing, malware and ransomware infrastructure used to support transnational fraud. Authorities identified and took down about 45,000 malicious IPs and servers, seized 212 devices and servers for forensic analysis, and flagged more than 33,000 phishing and fraud websites for removal. The operation resulted in 94 arrests across multiple jurisdictions, with additional suspects under investigation. Interpol coordinated with private-sector technology partners such as Trend Micro and other industry participants to trace infrastructure, attribute malicious activity and disrupt hosting and proxy networks that underpinned mass credential harvesting, business email compromise and ransomware campaigns. Officials emphasized that targeting the underlying infrastructure — rather than individual incidents — aimed to choke off persistent pipelines used to perpetrate large‑scale financial and identity theft fraud. Interpol noted continued follow‑up actions and international cooperation to pursue operators and recover proceeds where possible.