Interpol’s Operation Serengeti 2.0 Nets Over 1,200 Cybercrime Arrests Across Africa and the UK

Authorities from 18 African nations, together with the United Kingdom, have detained more than 1,200 individuals connected to cybercrime following a sweeping crackdown led by Interpol.

The coordinated campaign, known as Operation Serengeti 2.0, ran from June through August 2025 and targeted major online threats such as investment fraud, ransomware, and business email compromise schemes. Interpol reported that 1,209 suspects were taken into custody, nearly $97.4 million in illegal proceeds was recovered, and 11,432 pieces of malicious online infrastructure were dismantled. Close to 88,000 victims were identified in the course of the operation, underlining the fast-expanding impact of cybercrime across Africa and beyond.

The operation focused on the threats highlighted in Interpol’s most recent Africa Cyberthreat Assessment Report, which warned of cybercrime’s rapid growth as a critical security risk in the region. Similar patterns have emerged in the Middle East and North Africa, where governments are likewise ramping up cybersecurity measures to combat mounting digital risks.

In order to prevent future attacks, the campaign also partnered with the International Cyber Offender Prevention Network (InterCOP), a multinational law enforcement coalition spanning 36 countries and led by the Netherlands. The initiative is designed to promote early detection and disruption of criminal activity online.

Operation Serengeti 2.0 was conducted under the framework of the African Joint Operation against Cybercrime, with funding provided by the United Kingdom’s Foreign, Commonwealth and Development Office. Among the operational partners were Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs, and Uppsala Security.

Participating nations included Angola, Benin, Cameroon, Chad, Côte d’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia, and Zimbabwe.

The joint action was built on intelligence sharing between national law enforcement agencies, particularly in Nigeria, Kenya, Côte d’Ivoire, and Zambia. With support from cybersecurity firms such as Fortinet, Group-IB, and Trend Micro, investigators were able to move swiftly against illicit networks by targeting IP addresses, domains, and server infrastructure.

In Angola, police dismantled 25 illegal cryptocurrency mining operations run by 60 Chinese nationals. The facilities relied on stolen electricity and unauthorized equipment to process blockchain transactions. Officials confiscated $37 million worth of mining hardware and IT systems, along with 45 illegal power supply stations, which have since been redirected to underserved communities.

Authorities in Zambia uncovered one of the largest investment fraud schemes in the region, which had defrauded some 65,000 people of approximately $300 million. Victims were lured into purchasing fake cryptocurrency products through aggressive social media advertising campaigns. They were then tricked into installing applications that facilitated further financial losses. Fifteen suspects were arrested, and police seized related bank accounts, mobile phone numbers, and online domains.

In a separate operation, Zambian officials disrupted a human trafficking network after raiding a scam centre in Lusaka. Working with the Immigration Department, investigators seized 372 counterfeit passports linked to seven countries.

In Côte d’Ivoire, authorities captured the mastermind of a long-running inheritance fraud that originated in Germany. Victims were persuaded to pay administrative charges to claim fake inheritances, with the scheme generating around $1.6 million. Confiscated assets included luxury vehicles, electronics, jewellery, and cash.

Despite being one of the earliest forms of internet fraud, inheritance scams remain prevalent, particularly in low-income economies where digital literacy is weaker. Interpol warned that criminal networks continue to adapt these old schemes to modern technologies.

Valdecy Urquiza, Secretary General of Interpol, commented: “Each Interpol-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results continue to grow in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims.”

Training sessions were also organized ahead of the crackdown to equip local investigators with the necessary tools to address emerging threats, particularly in cases involving cryptocurrency. The workshops covered open-source intelligence, ransomware methodologies, and blockchain analysis, all of which experts describe as vital skill sets as African economies expand their digital infrastructure.

Cybercrime trends in Africa echo developments elsewhere. According to Kaspersky, ransomware incidents in the Middle East, Turkey, and Africa rose by 20% in the first half of 2025 compared with the same period in 2024. Business email compromise attacks are also on the rise, often hitting small and medium enterprises as well as public institutions.

With African digital economies projected to accelerate over the next decade, authorities across the continent face mounting pressure to bolster cybersecurity defences and deepen international cooperation.

By fLEXI tEAM