CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Large-scale Africa-wide cybercrime crackdown arrests over 1,200 suspects

First reported
Last updated
4 unique sources, 7 articles

Summary

Hide ▲

Operation Serengeti 2.0, an INTERPOL-led international operation, resulted in the arrest of 1,209 cybercriminals across Africa. The operation targeted cross-border cybercrime gangs involved in ransomware, online scams, and business email compromise (BEC). The operation, conducted from June to August 2025, involved law enforcement from 18 African countries and the UK. Authorities seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 88,000 victims worldwide. Following this, Operation Sentinel, conducted between October 27 and November 27, 2025, led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. The operation took down more than 6,000 malicious links and decrypted six distinct ransomware variants. The cybercrime cases investigated are connected to more than $21 million in financial losses. The operations were supported by data from private sector partners, including Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs, and Uppsala Security. Cybercrime now accounts for 30% of all reported crime in Western and Eastern Africa and is increasing rapidly elsewhere on the continent. Interpol's 2025 Africa Cyberthreat Assessment Report noted that two-thirds of African member countries claim cyber-related offenses now account for a 'medium-to-high' (i.e., 10-30% or 30%+) share of all crimes. Interpol director of cybercrime, Neal Jetton, warned that the scale and sophistication of cyber-attacks across Africa are accelerating, especially against critical sectors like finance and energy.

Timeline

  1. 22.12.2025 20:38 3 articles · 1d ago

    Operation Sentinel arrests 574 and decrypts 6 ransomware strains

    Operation Sentinel involved authorities from 19 countries, including Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. The operation took down 6,000 malicious links and decrypted six distinct ransomware variants. Multiple suspects were arrested in connection with a ransomware attack targeting an unnamed Ghanaian financial institution that encrypted 100 terabytes of data and stole about $120,000. Ghanaian authorities took down a cyber fraud network operating across Ghana and Nigeria that defrauded more than 200 victims of over $400,000 using well-designed websites and mobile apps impersonating popular fast-food brands. As part of the effort, 10 individuals were apprehended, 100 digital devices were seized, and 30 fraudulent servers were taken offline. Law enforcement from Benin dismantled 43 malicious domains and 4,318 social media accounts used for extortion schemes and scams, resulting in the arrest of 106 people. The operation is part of the African Joint Operation against Cybercrime (AFJOC), which aims to enhance the capabilities of national law enforcement agencies in Africa and better disrupt cybercriminal activity in the region.

    Show sources
    Open in new tab
  2. 22.08.2025 13:08 5 articles · 4mo ago

    Operation Serengeti 2.0 leads to 1,209 arrests in Africa

    The operation targeted a gang behind $300 million in investment fraud, a group involved in a cybercrime scam center and human trafficking, and a syndicate of Chinese nationals illegally mining cryptocurrency. The operation also involved dismantling 25 cryptocurrency mining centers in Angola, confiscating 45 illicit power stations, and disrupting an online investment fraud operation in Zambia with 65,000 victims and $300 million in losses. The operation is part of a series of multi-month investigations and arrests highlighted by Interpol, including the original Operation Serengeti and Operation Cyber Surge. The efforts also show that cooperation between Interpol and national law enforcement agencies has resulted in a maturing capability for investigating and prosecuting cybercrime. The operation targeted ransomware, online scams, and business email compromise (BEC).

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

European Authorities Dismantle Ukraine-Based Call Center Fraud Ring

European law enforcement dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of over 10 million euros. The operation involved arrests, seizures, and the disruption of multiple call centers employing approximately 100 people. The criminals used various schemes, including impersonating bank employees and police officers, to defraud over 400 known victims. The network operated as a commission-based criminal enterprise, promising bonuses for successful scams. Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine, supported by Eurojust, arrested 12 suspects out of 45 identified. The operation included 72 searches across three Ukrainian cities, leading to the seizure of vehicles, weapons, a polygraph machine, computers, cash, and counterfeit identification documents. The fraud ring used remote access software to steal banking logins and directed victims to transfer funds to 'safe' accounts under their control. Members of the network had different roles, including making scam phone calls, forging official documents, and collecting cash from victims.

Open in new tab

Cyberattack on French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers, detected between December 11 and 12, 2025. The breach allowed unauthorized access to document files, though data exfiltration remains unconfirmed. The ministry has tightened security protocols and launched an investigation to determine the origin and scope of the attack. Possible motives include foreign interference, activism, or cybercrime. On December 17, 2025, a 22-year-old suspect was arrested in connection with the attack. The suspect is accused of unauthorized access to an automated personal data processing system as part of an organized group. Investigations are being conducted by OFAC, France's Office for Combating Cybercrime. A BreachForums admin claimed responsibility for the attack, alleging it was in revenge for the arrests of forum moderators and admins. The forum post claims that data on 16,444,373 people from France's police records was stolen. In April 2025, France attributed a widespread hacking campaign to APT28, a group linked to Russia's GRU, targeting various French entities.

Open in new tab

Europol Disrupts $55m in Cryptocurrency Linked to Online Piracy

A coordinated operation led by Europol, the European Union Intellectual Property Office, and Spain’s National Police targeted online intellectual property violations. The operation identified 69 sites, traced $55m in cryptocurrency flows, and disrupted 25 illicit IPTV services by collaborating with crypto service providers. The initiative also emphasized the growing use of cryptocurrency by criminals and the importance of international cooperation in combating digital piracy.

Open in new tab

ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage

Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.

Open in new tab

International Law Enforcement Dismantles Credit Card Fraud Networks

International authorities have dismantled three large-scale credit card fraud and money laundering networks in Operation Chargeback. The operation targeted 44 suspects, including American, Austrian, Canadian, Danish, Dutch, German, and Lithuanian nationals, and resulted in the arrest of 18 individuals. The fraud networks affected over 4.3 million cardholders across 193 countries, causing losses exceeding €300 million. The operation involved over 60 searches and the execution of 18 arrest warrants. The fraudsters created over 19 million fake online subscriptions for services like pornography, dating, and streaming. They disguised monthly charges of about €50 to avoid detection. The operation was led by the Cybercrime Department of the General Prosecutor’s Office in Koblenz and the German Federal Criminal Police Office, supported by Europol and Eurojust. Authorities seized assets worth over €35 million, including luxury vehicles, cryptocurrency, and electronic devices. The suspects face accusations of organized computer fraud, membership in a criminal group, and money laundering. The fraudsters abused four major German payment service providers to launder proceeds, with six employees allegedly helping the fraudsters in exchange for fees. The suspects concealed their activities through numerous shell companies obtained through crime-as-a-service providers, primarily registered in the UK and Cyprus. The estimated attempted damages from the fraud schemes surpass €750 million (~$865 million).

Open in new tab