1,209 arrested in crackdown
Authorities across 18 African countries and the United Kingdom have arrested over 1,200 suspects linked to cybercrime in a coordinated operation led by Interpol.
Dubbed Operation Serengeti 2.0, the crackdown ran from June to August 2025, targeting high-impact online crime, including investment fraud, ransomware attacks and business email compromise schemes.
Interpol confirmed that 1,209 individuals were arrested and that nearly $97.4 million in illicit funds were recovered. Investigators also dismantled 11,432 pieces of malicious online infrastructure. Almost 88,000 victims were identified across operations, highlighting the growing reach of cybercrime across the continent and beyond.
The operation focused on tackling threats listed in the latest Interpol Africa Cyberthreat Assessment Report, which identified the rapid growth of cybercrime as a major risk across the region.
The findings mirror trends seen in the Middle East and North Africa, where authorities have also stepped up cybersecurity measures in response to increasing digital threats.
To prevent future threats, the operation included a partnership with the International Cyber Offender Prevention Network (InterCOP), a law enforcement alliance of 36 countries. Led by the Netherlands, the initiative promotes early detection and disruption of cybercriminal activity.
Operation Serengeti 2.0 was carried out under the African Joint Operation against Cybercrime. Funding came from the United Kingdom’s Foreign, Commonwealth and Development Office.
Operational partners included Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs and Uppsala Security.
Participating countries included Angola, Benin, Cameroon, Chad, Côte D’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia and Zimbabwe.
Fraud networks
The joint operation involved law enforcement agencies from countries including Nigeria, Kenya, Côte d’Ivoire and Zambia. Intelligence was shared before the launch of field actions, supported by cybersecurity firms such as Fortinet, Group-IB, and Trend Micro. This collaboration allowed authorities to act quickly on IP addresses, domains and server data tied to illicit networks.
In Angola, police shut down 25 illegal cryptocurrency mining centres operated by 60 Chinese nationals. The facilities were running on stolen electricity and using unauthorised equipment to validate blockchain transactions. Investigators seized $37 million worth of IT and mining hardware. Authorities also confiscated 45 illicit power supply stations, which have now been redirected to underserved communities.
In Zambia, officials uncovered a large-scale investment scam that had defrauded at least 65,000 people of around $300 million. Victims were lured into purchasing fake crypto products via high-visibility social media advertising. They were asked to install applications that facilitated further financial losses. Fifteen suspects were detained, and several bank accounts, domains and mobile phone numbers linked to the scam were seized.
Authorities in Zambia also disrupted a separate human trafficking ring after uncovering a scam centre in Lusaka. Officers, working with the Immigration Department, confiscated 372 counterfeit passports linked to seven different countries.
Old scams
In Côte d’Ivoire, police arrested the key figure behind a long-running inheritance scam originating from Germany. Victims were convinced to pay administrative fees to claim false inheritances. The scheme generated an estimated $1.6 million in revenue. Seized assets included vehicles, electronics, jewellery and cash.
Despite being one of the oldest forms of internet fraud, inheritance scams continue to thrive, particularly in lower-income economies where online financial literacy is limited. Interpol noted that criminal organisations continue to adapt old scams to new technologies.
Valdecy Urquiza, Secretary General of Interpol, said: “Each Interpol-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results continue to grow in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims.”
Training sessions ahead of the operation helped equip national investigators with tools to identify threats and handle cryptocurrency-based offences. The workshops focused on open-source intelligence, ransomware tactics, and blockchain tracing—skills that experts say are vital as African nations digitise rapidly.
Regional threats
Cybercrime has risen sharply in both Africa and the Middle East. According to Kaspersky, the Middle East, Turkey and Africa (META) region saw a 20% increase in ransomware incidents in the first half of 2025 compared to the same period last year. Business email compromise (BEC) attacks have also surged, often targeting SMEs and government entities.
With African digital economies expected to grow significantly over the next decade, regional law enforcement agencies are under increasing pressure to strengthen cybersecurity infrastructure and international cooperation.
Image for illustration only: Operation Serengeti 2.0 focused on tackling threats listed in the latest Interpol Africa Cyberthreat Assessment Report, Credit: Tima Miroshnichenko
