An Interpol-led operation targeting cybercrime has discovered nearly 9,000 malware-riddled servers and hundreds of compromised websites, including government portals across Southeast Asia. The investigation found 8,800 infected command-and-control servers in eight Association of Southeast Asian Nations (Asean) countries responsible for targeting financial institutions with malware, spreading ransomware, launching DDoS attacks and spreading spam.
Nearly 270 websites were found to be infected with malware code that exploited a vulnerability in the website design application. Several government websites that may have contained personal data of their citizens were among the infected sites.
The operation also identified multiple phishing website operators including one with links to Nigeria. Interpol added that one Indonesia-based cybercriminal was found selling phishing kits on the Darknet and posting YouTube videos showing customers how to use the malicious software. Investigations into other suspects are still ongoing, Interpol said.
Run out of the Singapore-based Interpol Global Complex for Innovation (IGCI), the operation was supported by seven well-known private companies including Kaspersky Lab, Trend Micro, British Telecom, Booz Allen Hamilton and Fortinet among others.
Domestic law enforcement agencies from seven Asian countries, including Indonesia, Malaysia, Thailand, the Philippines and Vietnam, also supported the investigation while China provided some cyberintelligence, the international police body said.
"For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries," chief superintendent Francis Chan, chairman of Interpol's Eurasian cybercrime working group and head of the Hong Kong Police Force's cybercrime unit, said.
"It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via Interpol, and is a blueprint for future operations."
In the wake of recent high-profile cyberattacks across the globe, Interpol said the operation highlighted the growing need for law enforcement agencies to proactively investigate vulnerabilities exploited by cybercriminals, rather than wait for reports from victims of devastating cyberattacks.
"Cybercrime is an increasingly organized endeavour consisting of a sophisticated web of compromised systems that make it easier for criminals to scale attacks and discourage attribution of their activities," Derek Manky, a global security strategist at Fortinet, said in a statement. "Compounding these challenges, cybercriminals have no regard for political boundaries or national lines and will leverage various geopolitical protocols to their advantage.
"Cooperation between the public sector working alongside both local and international law enforcement is a necessity to turn the tide against organised cybercrime."