Operation Serengeti 2.0: Africa's Largest Cybercrime Crackdown Nets 1,209 Arrests and $97.4M Recovery

Bottom Line Up Front: INTERPOL's Operation Serengeti 2.0 resulted in 1,209 arrests across 18 African countries and the UK, recovering $97.4 million and dismantling 11,432 malicious infrastructures in a three-month operation targeting ransomware, online scams, and business email compromise schemes.

In an unprecedented display of international cooperation, Operation Serengeti 2.0 brought together investigators from 18 African countries and the United Kingdom between June and August 2025 to tackle high-harm and high-impact cybercrimes including ransomware, online scams and business email compromise (BEC). This massive law enforcement operation represents the second phase of INTERPOL's ongoing efforts to combat the rapidly evolving cybercrime landscape across the African continent.

Scale and Impact of the Operation

The numbers speak to the operation's extraordinary scope. Law enforcement agents seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks that targeted 87,858 victims worldwide. The operation was conducted under the framework of the African Joint Operation against Cybercrime, with funding provided by the United Kingdom's Foreign, Commonwealth and Development Office.

Key Statistics:

  • 1,209 arrests across 19 countries
  • $97.4 million recovered in stolen funds
  • 11,432 malicious infrastructures dismantled (domains, IPs, C&C servers)
  • 87,858 victims identified worldwide
  • 18 African countries plus the UK participated

Major Operations Across the Continent

Angola: Dismantling Illegal Cryptocurrency Mining

Authorities in Angola dismantled 25 illegal cryptocurrency mining centres, where 60 Chinese nationals were illegally validating blockchain transactions to generate cryptocurrency, along with 45 illicit power stations and related hardware collectively worth $37 million. The operation revealed the extent of unauthorized mining operations that had been draining the country's power grid. The seized equipment will be repurposed by the Angolan government to support power distribution in vulnerable areas, addressing the country's ongoing energy challenges.

This crackdown came after a mining ban went into effect in the African nation in April 2024, followed by Chinese officials warning residents not to "support or engage in virtual currency mining activities." The penalties for cryptocurrency mining in Angola range from one to five years in prison, with those connecting mining rigs to the national power system facing three to 12 years.

Zambia: Massive Investment Fraud and Human Trafficking

Zambian authorities dismantled a large-scale online investment fraud scheme, one of the largest online investment scams documented in the operation, identifying 65,000 victims who lost an estimated USD 300 million. The scammers lured victims into investing in cryptocurrency through extensive advertising campaigns promising high-yield returns. Victims were then instructed to download several apps to participate. Authorities arrested 15 people and seized key evidence, including domains, phone numbers, and bank accounts.

Zambian authorities also uncovered a suspected human trafficking network, confiscating 372 fake passports from seven countries. This discovery highlights the interconnected nature of criminal enterprises operating across the continent.

Côte d'Ivoire: Transnational Inheritance Scams

Officers in Côte d'Ivoire dismantled a transnational inheritance scam originating in Germany, arresting the primary suspect and seizing assets including electronics, jewellery, cash, vehicles and documents. With victims tricked into paying fees to claim fake inheritances, the scam caused an estimated USD 1.6 million in losses.

Despite being one of the oldest forms of internet fraud, inheritance scams continue to generate significant revenue for criminal organizations, demonstrating the persistent nature of these schemes and their continued effectiveness against vulnerable populations.

International Collaboration and Private Sector Partnership

The success of Operation Serengeti 2.0 was built on unprecedented cooperation between law enforcement agencies and private sector partners. The operational partners were Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs and Uppsala Security.

Kaspersky contributed to the operation by sharing its threat intelligence data and indicators of compromise (IoCs) on the threats investigated. These partnerships provided crucial intelligence on suspicious IP addresses, domains, and command-and-control servers that enabled targeted enforcement actions.

The operation also featured comprehensive training programs for investigators. Before Operation Serengeti 2.0 took place, investigators had undergone training in blockchain analytics and ransomware analysis, familiarizing themselves with open-source intelligence tools.

Targeting High-Impact Cybercrimes

Business Email Compromise (BEC)

Interpol told The Register that, in total, it had made "112 arrests across eight countries specifically linked to BEC schemes, with Zambia, Benin, and Nigeria accounting for about three-quarters of those." BEC attacks remain one of the most financially damaging forms of cybercrime, often targeting businesses and individuals through sophisticated social engineering techniques.

Ransomware Operations

The operation also targeted specific ransomware groups operating across the continent. In a post shared on LinkedIn, blockchain intelligence platform TRM Labs said investigators pursued leads tied to the Bl00dy ransomware group in Ghana and acted on information connected to RansomHub, another ransomware operation that abruptly went offline earlier this April.

Building on Previous Success

Operation Serengeti 2.0 builds on the success of its predecessor. Between September and October 2024, the first Operation Serengeti, also coordinated by Interpol, led to the arrest of 1,006 suspects believed to be part of cybercrime gangs behind ransomware, digital extortion, business email compromise (BEC), and online scams.

These criminal activities caused nearly USD 193 million in damages, and the first edition united nearly 20 participating countries.

The Evolving Threat Landscape

The scale and sophistication of Operation Serengeti 2.0 reflect the rapid evolution of cybercrime across Africa, from low-volume fraud to a continent-spanning economy of digital extortion.

According to INTERPOL's Africa Cyberthreat Assessment Report, the continent faces increasing challenges from AI-driven crimes and the proliferation of turnkey attack infrastructure. Nearly 90% of African agencies recognize that their cross-border cooperation capacities are limited, which makes streamlined multistakeholder efforts to respond to evolving cyber risks immensely significant.

Leadership Perspectives

Valdecy Urquiza, Secretary General of INTERPOL, said: "Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results keep growing in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims."

"Cybercrime recognizes no borders, and its impact is truly global," Dmitry Volkov, Group-IB CEO, said. "The success of Operation Serengeti 2.0 demonstrates what can be achieved when nations stand together against this threat."

Looking Forward

The success of Operation Serengeti 2.0 demonstrates the effectiveness of coordinated international efforts in combating cybercrime. The outcomes (mass arrests, dismantled infrastructure, and financial restitution) show what can happen when law enforcement, industry, and international partners move with coordinated precision.

As Africa continues its digital transformation, operations like Serengeti 2.0 serve as critical deterrents against cybercriminal enterprises while building the collaborative frameworks necessary to address future threats. The operation's emphasis on intelligence sharing, capacity building, and public-private partnerships provides a blueprint for sustained efforts to combat the evolving cybercrime landscape across the continent and beyond.

Participating Countries: Angola, Benin, Cameroon, Chad, Côte d'Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia, and Zimbabwe.


Operation Serengeti 2.0 was conducted under the African Joint Operation against Cybercrime, funded by the United Kingdom's Foreign, Commonwealth and Development Office, and supported by multiple private sector cybersecurity partners.
