Operation Serengeti 2.0: INTERPOL-led Cybercrime Crackdown in Africa
Summary
Operation Serengeti 2.0, an INTERPOL-led international operation, resulted in the arrest of 1,209 cybercriminals across Africa and the UK. The operation targeted high-harm and high-impact cybercrimes, including ransomware, online scams, and business email compromise (BEC). Between June and August 2025, law enforcement seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 87,858 victims worldwide. The operation involved investigators from 18 African countries and the UK, and utilized data from multiple private sector partners. Significant actions included the dismantling of 25 cryptocurrency mining centres in Angola, an online investment fraud operation in Zambia, and a transnational inheritance scam originating in Germany. Additionally, 45 illegal power stations and $37 million worth of mining and IT equipment were confiscated. A human trafficking network was also disrupted in Zambia. The operation also targeted a gang behind $300 million in investment fraud and a syndicate of Chinese nationals illegally mining cryptocurrency.
Timeline
- 22.08.2025 20:03 (2 articles)
Operation Serengeti 2.0: Additional details on seizures and disruptions
The article provides additional details about the scope and impact of Operation Serengeti 2.0. It highlights the seizure of 45 illegal power stations and $37 million worth of mining and IT equipment in Angola. The operation also disrupted a human trafficking network in Zambia and provided more information on the online investment scheme that affected 65,000 victims with losses of $300 million. The operation was conducted under the umbrella of the "African Joint Operation against Cybercrime." The article also reveals the targeting of a gang behind $300 million in investment fraud and a syndicate of Chinese nationals illegally mining cryptocurrency. The operation involved the dismantling of 25 cryptocurrency mining centers in Angola, run by 60 Chinese nationals. The article emphasizes the cooperation between Interpol and national law enforcement agencies in building long-term capacity and strengthening investigative skills.
Sources:
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- 22.08.2025 13:08 (2 articles)
Operation Serengeti 2.0: 1,209 arrests and $97.4 million seized in Africa
Between June and August 2025, INTERPOL-led Operation Serengeti 2.0 resulted in the arrest of 1,209 cybercriminals across Africa and the UK. The operation targeted high-harm and high-impact cybercrimes, including ransomware, online scams, and business email compromise (BEC). Law enforcement seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 87,858 victims worldwide. The operation involved investigators from 18 African countries and the UK, and utilized data from multiple private sector partners. Significant actions included the dismantling of 25 cryptocurrency mining centres in Angola, the seizure of illicit power stations and mining equipment worth over $37 million, and the disruption of a large-scale online investment fraud operation in Zambia that affected 65,000 victims. The operation also involved the disruption of a transnational inheritance scam originating in Germany, with losses estimated at $1.6 million. Private sector partners Group-IB and TRM Labs provided crucial intelligence and support. Nigeria deported 102 foreign nationals convicted of cyber terrorism and internet fraud.
Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
Information Snippets
- Operation Serengeti 2.0 took place between June and August 2025.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- The operation involved 18 African countries and the UK.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- 1,209 suspects were arrested.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- 87,858 victims were targeted worldwide.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- The operation seized $97.4 million in assets.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- 11,432 malicious infrastructures were dismantled.
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- The operation targeted ransomware, online scams, and business email compromise (BEC).
  First reported: 22.08.2025 13:08 (3 sources, 4 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0' - www.darkreading.com - 22.08.2025 20:03
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
- The operation was funded by the UK's Foreign, Commonwealth, and Development Office.
  First reported: 22.08.2025 13:08 (1 source, 1 article). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
- Private sector partners included Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs, and Uppsala Security.
  First reported: 22.08.2025 13:08 (3 sources, 3 articles). Sources:
  - Massive anti-cybercrime operation leads to over 1,200 arrests in Africa - www.bleepingcomputer.com - 22.08.2025 13:08
  - INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown - thehackernews.com - 22.08.2025 14:05
  - African Law Enforcement Agencies Nab Cybercrime Syndicates - www.darkreading.com - 27.08.2025 09:00
Similar Happenings
U.S. sanctions Southeast Asian cyber scam operations targeting Americans
The U.S. Department of the Treasury has sanctioned multiple cyber scam operations in Southeast Asia, primarily in Burma and Cambodia, which collectively stole over $10 billion from Americans in 2024. These operations use forced labor, human trafficking, and violence, operating as modern slavery farms. The scams involve romance baiting and fake cryptocurrency investments. The financial damage increased by 66% compared to 2023. The sanctions target 19 entities and individuals, including those linked to the Karen National Army (KNA) in Burma and various organized crime networks in Cambodia. The sanctions block these entities from the U.S. financial system and limit their access to international financial services. The cybercriminal syndicates in Southeast Asia are estimated to net nearly $40 billion annually in illicit profits. In May, OFAC targeted Funnull Technology Inc. and its administrator Liu Lizhi for their part in romance scams that caused more than $200 million in losses. In July, Cambodian law enforcement raided several cyber-scam centers, arresting more than 1,000 people, the majority of whom were foreign nationals. The UNODC reported that the cybercriminal operations in the region netted $40 billion in 2024, a significant fraction of the GDPs of many nations in the region. Interpol reported arrests of more than 1,200 cyber- and financial criminals in Africa, many of whom were foreign nationals from Southeast Asia conducting similar operations.
AI-Powered Cyberattacks Targeting Critical Sectors Disrupted
Anthropic disrupted an AI-powered operation in July 2025 that used its Claude AI chatbot to conduct large-scale theft and extortion across 17 organizations in healthcare, emergency services, government, and religious sectors. The actor used Claude Code on Kali Linux to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The operation, codenamed GTG-2002, employed AI to make tactical and strategic decisions, exfiltrating sensitive data and demanding ransoms ranging from $75,000 to $500,000 in Bitcoin. The actor used AI to craft bespoke versions of the Chisel tunneling utility to evade detection and disguise malicious executables as legitimate Microsoft tools. The operation highlights the increasing use of AI in cyberattacks, making defense and enforcement more challenging. Anthropic developed new detection methods to prevent future abuse of its AI models.
Data breach at Auchan exposes sensitive information of hundreds of thousands of customers
French retailer Auchan experienced a cyberattack that exposed sensitive personal data of several hundred thousand customers. The compromised data includes full names, titles, postal addresses, email addresses, phone numbers, and loyalty card numbers. The breach did not affect bank data, passwords, or PIN numbers. The company has notified affected customers and the French Data Protection Authority (CNIL). Auchan has advised customers to be vigilant against potential phishing attacks using the stolen information. The incident follows similar breaches at other large French entities, but no evidence links these attacks to a coordinated campaign. This is the second data breach that Auchan has disclosed over the past year. The company sent the same notification to its customers in November 2024.
North Korean actors exploit fake employee identities to infiltrate companies
North Korean state-sponsored hackers have infiltrated companies by using fake or stolen identities to secure IT jobs. These actors have stolen virtual currency and funneled money to North Korea's weapons program. The practice has grown with the rise of remote work and AI, posing significant security risks to organizations. The Justice Department has disrupted several laptop farms enabling these activities, but the threat persists. The U.S. Treasury has imposed sanctions on individuals and entities involved in the scheme, highlighting the use of AI to create convincing professional backgrounds and technical portfolios. Organizations are advised to enhance supervision, access governance, and use AI tools to detect and mitigate these insider threats. Japan, South Korea, and the United States are cooperating to combat North Korean IT worker fraud schemes. The joint forum held on Aug. 26 in Tokyo aimed to improve collaboration among the three countries. The scheme involves thousands of operatives and facilitators with distinct roles, including setting up laptop farms, contacting recruiters, and processing stolen information. The North Korean remote-worker scheme has collected more than $88 million over six years. The number of North Korean operatives infiltrating companies by posing as remote IT workers has increased by 220% year-over-year. North Korean operatives have used AI-generated profiles, deepfakes, and real-time AI manipulation to pass interviews and vetting protocols. American accomplices have operated laptop farms to provide North Korean operatives with physical US setups, company-issued machines, and domestic addresses and identities. The threat of hiring fraud is escalating quickly, with over 320 cases of North Korean operatives infiltrating companies reported in August 2025.
Russian State-Sponsored Hackers Exploit Cisco Vulnerability for Cyber Espionage
The Russian state-sponsored cyber espionage group Static Tundra is exploiting a seven-year-old vulnerability (CVE-2018-0171) in Cisco IOS and Cisco IOS XE software to establish persistent access to target networks. The group, linked to the FSB's Center 16 unit, targets telecommunications, higher education, manufacturing, and critical infrastructure sectors across North America, Asia, Africa, and Europe, including increased attacks in Ukraine since the start of the war. The attacks involve exploiting the Smart Install feature to execute arbitrary code and collect configuration files from thousands of networking devices. The group uses custom tools like SYNful Knock for persistence and employs SNMP to gain unauthorized access. The primary goal is long-term intelligence gathering, with a focus on strategic interests of the Russian government. The FBI and Cisco have issued advisories warning about the ongoing exploitation of this vulnerability, urging organizations to patch or disable the Smart Install feature. End-of-life devices are particularly vulnerable, as they no longer receive security updates, creating persistent attack vectors. The FBI has detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors. The actors used the unauthorized access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems. The same hacking group has previously targeted the networks of US state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the last decade. The U.S. Department of State has offered a $10 million reward for information on three FSB officers involved in these cyberattacks, highlighting the group's extensive targeting of critical infrastructure and energy companies globally. 
The three officers, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, targeted over 380 energy-sector companies in 135 countries. They were involved in the Dragonfly campaign, which included obtaining persistent access to victim networks and infecting them with the Havex malware through supply chain compromise.