Interpol: Royal Bahrain Hospital data breach - Security Affairs

Interpol-Led Operation Synergia III Disrupts Global Cybercrime Network, Seizes 45,000 Malicious IPs and Makes 94 Arrests

In a major international crackdown, Interpol’s Operation Synergia III has dismantled a vast cybercriminal infrastructure, resulting in the seizure of over 45,000 malicious IP addresses and the arrest of 94 suspects across multiple countries. The operation, conducted in collaboration with law enforcement agencies from the U.S. and Europe, targeted cybercriminals leveraging the AVrecon botnet and its associated socksEscort proxy service, which facilitated large-scale cyberattacks, fraud, and data theft.

The takedown, announced in early 2024, disrupted a key proxy network used by threat actors to obscure their identities, launch attacks, and distribute malware. The AVrecon botnet, active since at least 2021, had infected thousands of devices worldwide, turning them into unwitting nodes for criminal operations. Authorities identified the botnet’s infrastructure as a critical enabler for ransomware campaigns, credential theft, and financial fraud, with victims spanning government institutions, businesses, and individuals.

Operation Synergia III marks a significant milestone in global cybersecurity enforcement, demonstrating the effectiveness of cross-border coordination in dismantling sophisticated cybercrime ecosystems. The operation’s success highlights the growing threat posed by proxy services and botnets in enabling cybercriminal activity, as well as the need for continued vigilance in tracking and neutralizing such networks. No further details on the suspects’ identities or specific jurisdictions involved have been disclosed.

Source: https://securityaffairs.com/189467/cyber-crime/payload-ransomware-claims-the-hack-of-royal-bahrain-hospital.html/attachment/image-1169

INTERPOL cybersecurity rating report: https://www.rankiteo.com/company/interpol

"id": "INT1773650069",
"linkid": "interpol",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'public sector',
                        'location': 'global',
                        'name': 'Government institutions',
                        'type': 'government'},
                       {'location': 'global',
                        'name': 'Businesses',
                        'type': 'private sector'},
                       {'location': 'global',
                        'name': 'Individuals',
                        'type': 'consumers'}],
 'attack_vector': ['malware', 'compromised devices'],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['credentials',
                                              'personal data',
                                              'financial information']},
 'date_publicly_disclosed': '2024-01',
 'description': 'In a major international crackdown, Interpol’s Operation '
                'Synergia III has dismantled a vast cybercriminal '
                'infrastructure, resulting in the seizure of over 45,000 '
                'malicious IP addresses and the arrest of 94 suspects across '
                'multiple countries. The operation targeted cybercriminals '
                'leveraging the AVrecon botnet and its associated socksEscort '
                'proxy service, which facilitated large-scale cyberattacks, '
                'fraud, and data theft.',
 'impact': {'identity_theft_risk': 'high', 'payment_information_risk': 'high'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The operation highlights the growing threat posed by '
                    'proxy services and botnets in enabling cybercriminal '
                    'activity, as well as the need for continued vigilance in '
                    'tracking and neutralizing such networks.',
 'motivation': ['financial fraud', 'data theft', 'ransomware'],
 'post_incident_analysis': {'corrective_actions': 'Cross-border law '
                                                  'enforcement coordination to '
                                                  'dismantle infrastructure',
                            'root_causes': 'AVrecon botnet and socksEscort '
                                           'proxy service enabling '
                                           'cybercriminal operations'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'Interpol Operation Synergia III Announcement'}],
 'regulatory_compliance': {'legal_actions': '94 arrests'},
 'response': {'containment_measures': 'Seizure of 45,000 malicious IP '
                                      'addresses',
              'law_enforcement_notified': 'Yes',
              'remediation_measures': 'Dismantling of AVrecon botnet and '
                                      'socksEscort proxy service',
              'third_party_assistance': 'Interpol, U.S. and European law '
                                        'enforcement agencies'},
 'threat_actor': 'AVrecon botnet operators',
 'title': 'Interpol-Led Operation Synergia III Disrupts Global Cybercrime '
          'Network',
 'type': ['botnet', 'proxy service']}