
Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries.
Dubbed “Operation First Light 2026,” this joint action has targeted social engineering fraud (including business email compromise, sextortion, impersonation, romance, and investment scams) and money laundering activities between January 15 and April 30.
“This included pro-active action against high-value targets, raiding identified premises, blocking or freezing bank accounts and virtual wallets, requesting INTERPOL Notices and Diffusions and proactively utilizing INTERPOL’s Global Rapid Intervention of Payments (I-GRIP), a stop-payment mechanism that facilitates the swift blocking of illicit financial flows of both fiat and virtual assets,” INTERPOL said on Thursday.
“Over 142,000 victims globally were identified during Operation First Light 2026, highlighting the extent to which social engineering scams and fraud have escalated into a major transnational threat, affecting individuals, businesses and governments.”
Throughout the operation, investigators identified more than 142,000 victims worldwide, blocked 31,014 bank accounts, analyzed 152,808 cases, and identified 15,606 suspects beyond those arrested.
Operation First Light 2026 was coordinated by INTERPOL, with funding from China’s Ministry of Public Security and support from ASEANAPOL, GCCPOL, and Europol regional policing bodies.
This action follows Operation Synergia II, another joint law enforcement operation that led to the arrest of 41 suspects between April and August 2024 and the seizure of 1,037 servers and other cybercrime infrastructure operating across more than 22,000 IP addresses.
During the first stage of Operation Synergia, investigators identified an additional 70 cybercrime suspects and took down 1,300 command-and-control servers that were used by cybercriminals in ransomware, phishing, and malware campaigns.
Two other joint actions, Operation Serengeti and Operation Africa Cyber Surge, which have focused on African cybercrime in recent years, have also led to thousands of arrests and the dismantling of multiple multimillion-dollar operations.
More recently, between December 8 and January 30, African police arrested 651 suspects in another Interpol-coordinated joint police action, codenamed Operation Red Card 2.0, that spanned 16 countries.
Between July 2025 and January 2026, another Interpol-led law enforcement action codenamed “Operation Synergia III” targeted cybercrime operations worldwide, seizing servers and sinkholing tens of thousands of IP addresses.
“Criminal syndicates exploit human psychology to manipulate their targets, and no nation can stay safe unless all countries are equipped and committed to jointly fighting back,” added Tomonobu Kaya, director of the INTERPOL Financial Crime and Anti-Corruption Centre, on Thursday.
“INTERPOL is dedicated to supporting member countries in building a comprehensive, coordinated strategy to tackle cyber-enabled financial crimes, organized criminal networks and the money laundering that fuels them.”
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

