
A coordinated international operation against cybercrime across Africa has resulted in one of the largest law enforcement actions against cybercriminals to date, with authorities arresting 1,209 suspects and recovering nearly $100 million in stolen funds.
Operation Serengeti 2.0, which ran from June to August 2025, brought together investigators from 18 African countries and the UK to dismantle extensive criminal networks targeting nearly 88,000 victims worldwide. The operation took down 11,432 malicious infrastructures used for ransomware attacks, business email compromise (BEC) schemes, and online investment scams.
Major Takedowns Reveal Sophisticated Operations
The operation exposed the industrial scale of African cybercrime operations. In Angola, authorities shut down 25 illegal cryptocurrency mining centres operated by 60 Chinese nationals, seizing mining equipment worth over $37 million and confiscating 45 illicit power stations that were stealing electricity.
Zambian authorities uncovered a massive cryptocurrency investment fraud that victimised 65,000 people, causing estimated losses of $300 million. The scammers used extensive advertising campaigns promising high returns, then instructed victims to download multiple apps to participate in fake investment schemes.
"Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries," said Valdecy Urquiza, INTERPOL Secretary General.
Private Sector Intelligence Proves Critical
The operation's success relied heavily on private sector collaboration, with cybersecurity firms including Kaspersky, Fortinet, and Trend Micro providing threat intelligence and indicators of compromise (IoCs). Kaspersky alone shared data on approximately 10,000 unique ransomware samples detected across the region from January to May 2025.
This intelligence-driven approach allowed investigators to identify suspicious IP addresses, domains, and command-and-control servers before the operation began, significantly improving arrest rates and asset recovery.
Growing Threat Landscape Demands Continued Vigilance
The operation highlights Africa's emergence as both a target and source of sophisticated cybercrime. With rapid digitalisation across the continent creating new opportunities for both legitimate business and criminal activity, experts warn that coordinated international responses will become increasingly critical.
For organisations and individuals, the operation underscores the importance of verifying investment opportunities through official channels, using multi-factor authentication, and maintaining updated security software. The scale of these arrests demonstrates that cybercriminals are no longer operating with impunity, but users must remain vigilant against evolving threats.