Operation Serengeti 2.0: INTERPOL's Historic Cybercrime Crackdown Across Africa

Breached Company

22 Aug 2025 — 5 min read

TL;DR: INTERPOL coordinated a massive international operation that arrested over 1,200 cybercriminals across 18 African countries, recovering $97.4 million and dismantling thousands of criminal networks that had operated with impunity for years.

The Scale of the Takedown

Between June and August 2025, law enforcement agencies across Africa executed what would become one of the largest cybercrime operations in the continent's history. Operation Serengeti 2.0, coordinated by INTERPOL in partnership with AFRIPOL and 18 African nations plus the United Kingdom, delivered a devastating blow to cybercriminal networks that had been operating across borders with virtual immunity.

The numbers tell the story of the operation's unprecedented scope:

1,209 arrests across 18 countries
$97.4 million recovered in cash and assets
11,432 malicious infrastructures dismantled
87,858 victims identified worldwide
$485 million in total financial losses attributed to the criminal networks

This operation wasn't INTERPOL's first rodent in Africa's cybercrime landscape. The original Operation Serengeti, conducted from September to October 2024, resulted in 1,006 arrests and dismantled over 134,000 malicious infrastructures. But the 2.0 iteration represented a significant escalation in both scope and sophistication.

From Petty Fraud to Industrial-Scale Crime

What makes these operations particularly significant is how they exposed the evolution of African cybercrime from small-scale individual fraud to sophisticated, internationally coordinated criminal enterprises. The arrested networks weren't just running email scams from internet cafes—they were operating industrial-scale operations with advanced infrastructure.

Angola's Crypto Mining Empire: Authorities dismantled 25 illegal cryptocurrency mining centers operated by 60 Chinese nationals, seizing $37 million worth of mining equipment and 45 illicit power stations. The scale was so massive that the Angolan government plans to repurpose the confiscated equipment to support power distribution in underserved areas.

Zambia's $300 Million Investment Scam: A single criminal network defrauded 65,000 victims through an elaborate cryptocurrency investment scheme, using sophisticated advertising campaigns and requiring victims to download multiple apps to participate. The operation netted an estimated $300 million before authorities shut it down.

Côte d'Ivoire's International Inheritance Scam: Officers dismantled a transnational inheritance fraud originating in Germany, with losses estimated at $1.6 million. Despite being one of the oldest forms of online fraud, these scams continue to generate massive profits for criminal organizations.

The International Response

The success of Operation Serengeti 2.0 represented a fundamental shift in how international law enforcement approaches cybercrime in Africa. Previously, many African countries struggled with limited resources, jurisdictional challenges, and insufficient international cooperation.

INTERPOL Secretary General Valdecy Urquiza emphasized this evolution: "Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries."

The operation involved extensive preparation, including hands-on workshops covering open-source intelligence tools, cryptocurrency investigations, and ransomware analysis. This wasn't just about arrests—it was about building long-term investigative capacity across the continent.

Why Africa Became a Cybercrime Hub

The operations highlighted why Africa has become an attractive base for international cybercriminal networks. Many African countries have rapidly expanding internet infrastructure and growing digital economies, but cybersecurity frameworks and international cooperation mechanisms have lagged behind.

According to INTERPOL's 2025 Africa Cyberthreat Assessment Report, 86 percent of African member countries said their international cooperation capacity needs improvement due to slow, formal processes, a lack of operational networks, and limited access to platforms and foreign-hosted data.

This gap created an environment where sophisticated criminal networks could operate with relative impunity, using African infrastructure to target victims globally while exploiting limited cross-border law enforcement cooperation.

Beyond Arrests: Dismantling the Infrastructure

What set Operation Serengeti 2.0 apart was its focus on dismantling the technical infrastructure that enabled cybercrime at scale. The operation didn't just arrest individuals—it systematically dismantled the networks, servers, domains, and financial systems that made large-scale cybercrime possible.

Private sector partners played a crucial role, with companies like Group-IB, Kaspersky, Trend Micro, and others providing intelligence on criminal infrastructure. This public-private cooperation allowed investigators to map entire criminal ecosystems before taking them down simultaneously.

The Human Trafficking Connection

Perhaps most disturbing were the discoveries that went beyond traditional cybercrime. In Zambia, authorities identified connections between cybercrime operations and suspected human trafficking networks. During joint operations with the Immigration Department, they seized 372 fake passports from seven countries, suggesting that some cybercrime operations may be connected to broader international criminal enterprises.

A New Model for International Cooperation

The success of Operation Serengeti 2.0 demonstrates what's possible when international law enforcement moves beyond traditional reactive approaches. The operation combined:

Intelligence-led targeting: Using private sector threat intelligence to identify the most impactful criminal networks
Coordinated timing: Simultaneous operations across multiple countries to prevent criminals from simply relocating
Capacity building: Training local investigators in advanced techniques rather than just providing temporary assistance
Infrastructure focus: Targeting the technical systems that enable crime, not just individual criminals

Looking Forward

While the arrests represent a significant victory, they also underscore the scale of the challenge. The operations identified nearly 88,000 victims and $485 million in losses from just the networks they targeted—suggesting the true scope of cybercrime emanating from Africa is far larger.

As cybercriminals become more sophisticated and international, law enforcement responses must evolve accordingly. Operation Serengeti 2.0 provides a blueprint for this evolution: deep international cooperation, private sector partnership, systematic infrastructure targeting, and sustained capacity building.

The message to cybercriminals operating across borders is clear: the days of operating with impunity are ending. As INTERPOL Secretary General Urquiza noted, "This global network is stronger than ever, delivering real outcomes and safeguarding victims."

For the thousands of victims who lost money to these schemes, the arrests and asset recovery efforts represent a measure of justice. But perhaps more importantly, they represent a shift toward a world where cybercriminals can no longer simply hop between jurisdictions to avoid consequences.

The success of Operation Serengeti 2.0 proves that when international law enforcement coordinates effectively, even the most sophisticated cybercriminal networks are not beyond reach.

Operation Serengeti 2.0 was funded by the UK's Foreign, Commonwealth and Development Office and involved participation from Angola, Benin, Cameroon, Chad, Côte d'Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia, and Zimbabwe.