Law enforcement agencies are enhancing their cross-border coordination and intelligence-sharing capabilities, increasingly supported by expert insights from the private sector and international partnerships. Some notable operations in 2025 include: –Operation Serengeti 2.0: INTERPOL coordinated this operation with 18 African countries and the United Kingdom to tackle ransomware, online scams and business email compromise; it led to 1,209 arrests and the recovery of $97.4 million. The operation was strengthened by collaboration with the private sector and non- governmental collaborations, such as the World Economic Forum-hosted Cybercrime Atlas.26 –Operation Secure: Led by INTERPOL, in coordination with law enforcement agencies across 26 countries and private-sector partners, the operation, focused on infostealer malware, dismantled 20,000 malicious IP addresses and domains, seized 41 servers and resulted in 32 arrests. These INTERPOL operations were conducted under the umbrella of projects funded by the United Kingdom’s Foreign, Commonwealth and Development Office.27 –Operation Endgame: Coordinated by Europol and Eurojust, with the support of international public and private partners, Operation Endgame dismantled malware infrastructure consisting of hundreds of thousands of infected computers containing several million stolen credentials.28 –Lumma Infostealer Disruption: Europol and Microsoft disrupted the Lumma malware ecosystem, affecting 394,000 infected machines and seizing 1,300+ domains.29The changing architecture of cybercrime The Global Cybersecurity Outlook 2025 highlighted the growing convergence between cybercrime and organized crime groups, noting that the cybercrime landscape has evolved from opportunistic activities to highly organized operations that increasingly mirror legitimate business practices. The commercialization of cybercrime, via cybercrime-as- a-service (CaaS) platforms, continues to lower entry barriers and expand the scale, sophistication and impact of cyberattacks. Over the course of 2025, a new shift has emerged in the structure and behaviour of cybercrime collectives. An increasing number of cybercriminals – particularly younger actors – are actively pursuing business disruption, along with visibility and status within the cybercriminal ecosystem.24 These groups frequently publicize their activities by announcing attacks, leaking stolen data or sharing screenshots on social media to showcase their capabilities. This culture of exposure has blurred the traditional boundaries between hacktivism, cybercrime and influence operations. Increasingly, groups frame their actions as activism to claim moral legitimacy and expand their online following, further complicating attribution and response efforts. A persistent trend is the blurring of lines between cybercrime and nation-state activity. Cybercriminals often adopt and adapt the tools, tactics and procedures of state actors, once these become publicly known. Conversely, some nation-states mask their involvement by collaborating with or attributing operations to criminal groups, to maintain plausible deniability – or leverage the capabilities of these actors to advance their own strategic objectives, often in exchange for turning a blind eye to their illicit activities. Facing rapid innovation in tech combined with the transformative impact of AI, law enforcement cannot fight cybercrime in isolation. Protecting communities now depends on true multistakeholder cooperation. Only together can we stay ahead of criminals and uphold safety, rights and resilience for a secure digital future. Valdecy Urquiza, Secretary-General, INTERPOL Collaboration against cybercrime In 2025, there have been several developments in the fight against cybercrime, including the signing of the Convention against Cybercrime, adopted by the United Nations General Assembly in December 2024 after five years of negotiation.25 The Convention establishes the first universal framework for investigating and prosecuting offences committed online – from ransomware and financial fraud to the non-consensual sharing of intimate images. Additionally, public–private collaboration has enabled law enforcement agencies to carry out several successful cybercrime takedowns (see Box 3). BOX 3 Disrupting cybercrime through multistakeholder collaboration Global Cybersecurity Outlook 2026 33