Cybersecurity is a team sport. At the cutting edge of threat protection, security researchers work hard to discover new vulnerabilities and attacker TTPs, and theorize about novel attacks. This intelligence is often fed into security products, which make organizations safer. On the corporate side, CISOs and their teams do their best to devise a coherent strategy for mitigating cyber risk. But law enforcers play an equally crucial role.
By finding and bringing to justice those responsible for cybercrime, they can put prolific threat actors behind bars and send an important message to their peers in the process. Although at times this can resemble a real-life game of whack-a-mole, law enforcement is getting better at disrupting major cybercrime operations.
In rough chronological order, here’s Infosecurity's pick of the top 10 cybercrime takedowns we saw this year, and their impact:
African Law Enforcers Target Fraudsters in Operation Red Card
Investigators in seven African countries arrested 306 suspects and seized 1842 devices in an international operation targeting cyber-enabled fraud and scams. Running from November 2024 to February 2025, Operation Red Card was aimed at dismantling criminal networks responsible for defrauding over 5000 victims through mobile banking fraud, investment scams and malicious messaging app schemes. Police seized 26 vehicles, 16 houses, 39 plots of land and 685 electronic devices.
The operation was funded by the UK’s Foreign, Commonwealth & Development Office, in an example of western governments taking the fight to cybercrime impacting their citizens from abroad. Police in Benin, Côte d'Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia participated.
Hundreds Arrested in Latest Operation Henhouse Crackdown
The National Economic Crime Centre and City of London Police celebrated a February operation which resulted in the arrest of 422 individuals, the seizure of £7.5m ($9.9m) in cash and assets and account freezing orders of £3.9m ($5.2m). This was the latest iteration of a long-running Operation Henhouse initiative designed to crack down on fraud, which is now the most common crime type in the UK. The NCA claims that it now accounts for 40% of all crime, costing the country an estimated £6.8bn ($7.75bn) annually.
Among the successes this year were the return of nearly £1m ($1.34m) by Kent police to an investment scam victim, the arrest of five people in connection with a multimillion-pound investment and money laundering operation in Scotland, and the seizure of more than £2.7m ($3.6m) in suspected criminal cash and assets.
Operation Endgame Targets Infrastructure and Criminals
The Europol-led Operation Endgame has been running throughout the year. It began in May 2024 with a mission to disrupt the cyber-attack supply chain by taking out developers and infrastructure associated with popular malware families. The second instalment of the operation in April 2025 resulted in the arrest of customers associated with pay-per-install botnet Smokeloader. In May, police claimed to have seized 300 servers and 650 domains worldwide associated with malware such as Bumblebee, Latrodectus, QakBot, Hijackloader, DanaBot, TrickBot and Warmcookie.
Operation Endgame 3.0 took place in November and resulted in the takedown or disruption of 1025 servers and 20 domains.
Operation Serengeti 2.0 Recovers $100m
Law enforcers from the UK and 18 African countries teamed up between June and August on Operation Serengeti 2.0. They claimed to have busted a 1000-person cybercriminal network and recovered $97.4m in stolen money from over 88,000 victims, as well as dismantling 11,432 malicious infrastructure assets in Angola. The latter related to 25 illegal cryptocurrency mining centers operated by 60 Chinese nationals. Officers in Zambia also busted a $300m online investment fraud scheme that defrauded 65,000 victims through fake cryptocurrency ads and fraudulent apps.
Operation Secure Targets Criminal Infrastructure in Asia
Interpol-led Operation Secure resulted in the takedown of over 20,000 malicious IP addresses and domains across 25 Asian countries, as well as Macau and Hong Kong. It also led to the seizure of 41 servers and over 100GB of data, as well as 32 arrests and over 200,000 victim notifications. Revealed in June, the operation targeted criminal infrastructure with the aim of disrupting infostealer operations.
Indian Investigators Get Serious with Chakra-IV
India’s Central Bureau of Investigation (CBI) teamed up with the FBI to target a major $40m tech support fraud ring targeting US citizens. The call center in Amritsar was raided, resulting in the arrest of four suspected ringleaders and the detention of a further 34. The group would pose as tech support operatives to gain remote access to victims’ machines and then bank accounts, as per a classic tech support scam.
The CBI also teamed up with the German authorities to disrupt a financial crime network that had been targeting German nationals with tech support scams since 2021.
Operation Chakra-V Busts Another Scam Call Center
India’s CBI was again involved in the thick of the action this year, busting a cyber-fraud gang accused of duping UK, US and Australian victims with tech support scams. The 18-month operation resulted in the raid of a call center in Noida, Uttar Pradesh, in what was named Operation Chakra-V.
UK victims, who numbered over 100, lost at least £390,000 ($521,000) after receiving scareware popups claiming their PC had been hacked. Call center scammers posing as tech support representatives from Microsoft would then trick their victims into paying to fix the non-existent issues.
UK Cops Arrest Retail Ransomware Suspects
In July, officers arrested four individuals in connection with a string of cyber-attacks in April targeting three prominent UK retailers: Marks & Spencer (M&S), Co-op Group and Harrods. They were arrested on suspicion of Computer Misuse Act offenses, blackmail, money laundering and participating in the activities of an organized crime group. The Cyber Monitoring Centre (CMC) estimated the total financial impact of the M&S and The Co-op incidents to range from £270m-£440m ($360m-$588m).
All four were young men, with three just teenagers and one only 17 years old. This fits the profile of typical Scattered Spider/Lapsus$/ShinyHunters hackers, who are also associated with the loose collectives known as “The Com.” The group has also been linked to the most expensive attack in UK history, on carmaker Jaguar Land Rover (JLR).
European Police Bust €100m Crypto Fraud Ring
Eurojust, the EU Agency for Criminal Justice Cooperation, coordinated a joint action day in September in which police across five countries disrupted a cryptocurrency fraud operation thought to have scammed victims out of €100m ($118m). Five individuals were arrested after police raided properties in Spain, Portugal, Italy, Romania and Bulgaria.
Victims were reportedly lured to professionally designed websites promising high returns on their crypto investments. However, once they tried to recover their money, they were asked to pay additional fees. Eventually, the website itself went offline, leaving them high and dry. The scheme had been running since at least 2018, with victims and money laundering activities distributed across 23 countries.
Operation Chargeback Unearths $348m Global Fraud Scheme
A five-year investigation led to 18 arrests across Europe in November in a German-led operation to crack down on fraud. Operation Chargeback reportedly targeted three international fraud and money laundering networks, responsible for stealing data from 4.3 million cardholders across 193 countries. The damage was estimated at over €300m ($348m), with attempted losses topping €75m ($88m).
Assets worth €35m ($41m) were secured in Germany and Luxembourg. The networks allegedly created around 19 million fake online subscription payments for purpose-built adult content, dating platforms and streaming services while disguising monthly charges of about €50 ($59) on victims’ cards to avoid detection.
Conclusion
Most of the biggest law enforcement stories of 2025 were not individual arrests but coordinated operations. However, they all count. The challenge for police in Western countries is that many of their adversaries are sheltered beyond their reach – usually in former Soviet states. Unless there is a huge geopolitical reset, that is not going to change any time soon – certainly not in 2026.
