In a critical move to fortify regional cybersecurity, the Asia and South Pacific Desk of INTERPOL’s Cybercrime Directorate convened Operation SECURE, bringing together over 75 cyber experts from 22 countries in Bangkok. With infostealers on the rise and malware evolving rapidly, the meeting underscores the urgency of regional collaboration and public-private cybersecurity coordination to address cross-border threats.
Held in Bangkok, Thailand, the five-day event ran intensive sessions ranging from a Cyber Command Course delivered by the Hong Kong Police Force to tabletop exercises simulating cyberattacks. Attendees included law enforcement, regulators, private sector partners, and international organizations such as the World Economic Forum and UNODC source.
The gathering focused on the increasing proliferation of information-stealing malware-commonly known as infostealers-which extract credentials, financial records, and other sensitive data. These threats, often linked to ransomware campaigns or credential marketplaces, are being seen across both developed and emerging digital economies in Asia-Pacific.
“Infostealers are low-risk, high-reward tools for cybercriminals, and their deployment is skyrocketing in the region,” said Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software.
Participating Nations and Strategic Players
Cyber experts from Australia, Indonesia, Malaysia, Japan, South Korea, India, the Philippines, and others joined forces. The Royal Thai Police co-hosted the event, while the initiative was co-funded by the UK’s Foreign, Commonwealth & Development Office and the Council of Europe’s GLACY-e project, reinforcing international commitment.
The inclusion of cybersecurity vendors – Group-IB, Kaspersky, Fortinet, Trend Micro, Accenture Security, Microsoft, Binance, and Mastercard – provided participants access to cutting-edge threat intelligence, training, and tools for incident response and malware mitigation.
MEA Lens: Lessons for the Middle East & Africa
While the event focused on Asia and the South Pacific, its outcomes hold strategic relevance for MEA nations. Infostealer malware, as noted by Kaspersky’s recent report in May 2025, has seen a 220% increase in targeting African enterprises, particularly in fintech and digital banking sectors.
Countries in the Middle East, such as UAE and Saudi Arabia, which are rapidly digitizing public services, can benefit from inter-agency drills and vendor partnerships exemplified by Operation SECURE. The African Union’s Cybersecurity Strategy 2024-2028 also encourages member states to engage in international cyber exercises a path now clearer through examples like Bangkok.
Global Cybercrime Trends & Operation SECURE’s Position
Compared to NATO’s Locked Shields or the EU’s Cyber Europe exercises, Operation SECURE uniquely blends capacity building with operational planning. It’s one of the few programs co-funded by both Commonwealth and Council of Europe bodies, illustrating a North-South bridge in cyber defense planning.
“What sets this initiative apart is its operational focus—this wasn’t just a policy dialogue; it was a simulation of threats we face in real-time,” said Josephine Wong, INTERPOL Cybercrime Directorate Asia-Pacific lead.
Technical Insight Box
Common Infostealer TTPs Identified in the Region:
| MITRE ATT&CK Technique | Description |
|---|---|
| T1059.001 | Command and Scripting Interpreter: PowerShell |
| T1566.002 | Phishing: Spearphishing Link |
| T1003.001 | Credential Dumping: LSASS Memory |
| T1555.003 | Credentials from Web Browsers |
| T1204.002 | User Execution: Malicious File |
Indicators of Compromise (IOCs):
- Malicious domains mimicking tax or government agencies
- Files with suspicious double extensions (.pdf.exe)
- Abnormal outbound traffic to Eastern European IPs
Actionable Takeaways for Cybersecurity Professionals
- Conduct malware-focused tabletop exercises to simulate infostealer attacks.
- Partner with local CERTs and law enforcement for incident response training.
- Monitor user credentials and browser-stored data for unauthorized access or exfiltration.
- Implement application allowlisting to block unauthorized executables.
- Regularly train employees on spearphishing and malicious link detection (training).
- Join or form inter-regional cyber alliances for intelligence sharing.
- Use behavior-based EDR tools to detect stealthy post-exploitation activity.
- Map your environment to MITRE ATT&CK to assess infostealer exposure.
- Audit third-party partners and vendors for malware hygiene.
- Invest in cybersecurity services like pentesting and red teaming to detect weaknesses.
Conclusion: Unity Over Isolation
Operation SECURE is more than an event; it signals a paradigm shift toward operational solidarity in cyber defense. As malware strains grow in sophistication and spread across borders, only coordinated responses across governments, private sectors, and continents can match the challenge. This model, if extended to regions like MEA, could dramatically elevate the collective digital resilience of the Global South.
Source List
- Operation SECURE strengthens cybersecurity in the Asia and South Pacific region – INTERPOL (6 June 2025)
- Group-IB analysis of infostealer rise – April 2025
- Kaspersky Infostealer Trends – May 2025
- Council of Europe GLACY-e Project
- UK Foreign, Commonwealth & Development Office
- Cybersecurity Trends & Alerts – CyberCory
- Cybersecurity Services & Awareness Training – Saintynet
