An INTERPOL-led crackdown has dismantled major cybercrime networks across Africa, arresting 1,209 suspects and recovering USD 97.4 million, in one of the largest operations of its kind on the continent.
Code-named Operation Serengeti 2.0, the three-month sweep (June–August 2025) spanned 18 African countries and the United Kingdom, targeting high-impact threats including ransomware, business email compromise (BEC), and online scams. Investigators dismantled 11,432 malicious infrastructures linked to criminal syndicates.
INTERPOL said the operation builds on its Africa Cyberthreat Assessment Report, which identified cyber-enabled fraud and ransomware as the fastest-growing digital threats.
“Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries,” said Valdecy Urquiza, INTERPOL’s Secretary General. “With more contributions and shared expertise, the results keep growing in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims.”
High-Value Arrests and Seizures
In Angola, authorities dismantled 25 illegal cryptocurrency mining centres operated by 60 Chinese nationals. The crackdown seized 45 illicit power stations and IT equipment worth more than USD 37 million, which the government has earmarked for electricity distribution in underserved communities.
Zambian officials broke up a USD 300 million online investment fraud, which lured 65,000 victims into downloading fake cryptocurrency apps. Fifteen suspects were arrested, and investigators froze domains, bank accounts, and mobile numbers linked to the scam.
In a separate case, Zambian authorities disrupted a human trafficking network, seizing 372 forged passports from seven countries.
Elsewhere, Côte d’Ivoire police dismantled a transnational inheritance fraud traced to Germany, arresting the main suspect and seizing vehicles, jewellery, and cash. Victims were tricked into paying fees to claim fake inheritances, leading to estimated losses of USD 1.6 million.
Private Sector and Training Support
The operation was bolstered by extensive private sector partnerships, with firms including Group-IB, Kaspersky, Fortinet, Trend Micro, Shadowserver Foundation, TRM Labs, and Uppsala Security supplying intelligence on suspicious domains, IP addresses, and command-and-control servers.
Ahead of the operation, investigators received specialized training in cryptocurrency tracing, ransomware analysis, and open-source intelligence tools, which INTERPOL said directly contributed to the scale of arrests and seizures.
Proactive Cybercrime Prevention
In addition to enforcement, Operation Serengeti 2.0 leveraged the International Cyber Offender Prevention Network (InterCOP), a consortium of law enforcement agencies from 36 countries led by the Netherlands. InterCOP seeks to disrupt cybercrime preemptively by sharing intelligence on emerging threats.
The crackdown was conducted under the African Joint Operation against Cybercrime, funded by the UK’s Foreign, Commonwealth and Development Office.
Countries Involved
Participating countries included Angola, Benin, Cameroon, Chad, Côte d’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, Zambia, Zimbabwe, and the United Kingdom.
