December 3, 2023

An international law enforcement operation, codenamed “Operation Cyclone,” targeted the Clop ransomware gang, leading to previously reported arrests of six members in Ukraine.New information emerged about how the operation was conducted and the law enforcement agencies involved.

The transcontinental operation called “Operation Cyclone” was coordinated by INTERPOL’s Cyber Fusion Center in Singapore, with the assistance of the Ukrainian and US police authorities.


This operation targeted Clop for his numerous attacks on Korean companies and US academic institutions, in which threat actors encrypted devices and extorted organizations to pay a ransom or leak their stolen data.

Clop conducted a massive ransomware attack against E-Land Retail, a South Korean conglomerate and retail giant, which caused the temporary closure of 23 out of 50 stores of NC department stores and the NewCore Outlet. Them after claimed to have stolen 2,000,000 credit cards from the company that uses point-of-sale malware.

More recently, Clop used a vulnerability in the Accellion secure file transfer gateway to steal confidential and private files from companies and universities. When $ 10 million + ransom demands were not paid, the threat actors publicly released students’ personal information from numerous universities and colleges.

Through intelligence sharing between law enforcement and private partners, Operation Cyclone resulted in the arrest of six suspects in Ukraine, the search of more than 20 homes, businesses and vehicles, and the seizure of computers and $ 185,000 in cash. .

The transaction was also assisted by private partners, including Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet and Group-IB.

Despite the spiral of global ransomware attacks, this police-private sector coalition saw one of the first arrests of online criminal gangs by global law enforcement, sending a powerful message to ransomware criminals, who don’t care where they hide in. cyberspace, we will pursue them relentlessly.

Interpol Statement

US cybersecurity firm Intel 471 previously told that the arrested members are linked to the Clop ransomware gang, they were primarily involved in money laundering for the criminal organization. The intelligence firm further said that the main members of Operation Clop are likely out of danger in Russia

If convicted, the six suspected members of the clop face up to eight years in prison.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: