A large-scale law enforcement operation coordinated by Interpol has taken down a 1000-person cybercriminal network and recovered $97.4m in stolen money from over 88,000 victims.
The effort, codenamed Operation Serengeti 2.0 following a previous crackdown on African cybercrime in November 2024, ran from June to August 2025.
It involved law enforcement agencies from the UK and 18 African countries, as well as private companies (Fortinet, Group-IB, Kaspersky, Team Cymru, Trend Micro, TRM Labs and Uppsala Security) and nonprofit organizations (Cybercrime Atlas and the Shadowserver Foundation).
The operation achieved considerable results, including:
- The arrest of 1209 cybercriminals
- The dismantling of 11,432 malicious infrastructure assets (all in Angola)
- The recovery of $97,418,228
In total, law enforcement agencies have estimated that this cybercriminal network has targeted 87,858 victims and caused a monetary loss of $484,965,199.
Their activities included ransomware, online scams and business email compromise (BEC).
Valdecy Urquiza, secretary general of Interpol, highlighted that Interpol-led operations continue to grow in scale and achieve larger successes.
“Each Interpol-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results keep growing in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims,” he said.
Raids in Angola, Zambia and Côte d’Ivoire
Operation Serengeti 2.0 included raids across several African countries.
In Angola, law enforcement agencies dismantled 25 illegal cryptocurrency mining centers operated by 60 Chinese nationals who were unlawfully validating blockchain transactions.
Authorities also confiscated 45 illicit power stations and mining equipment worth over $37m, which will now support power distribution in underserved areas.
In Zambia, authorities uncovered a massive $300m online investment fraud scheme that defrauded 65,000 victims through fake cryptocurrency ads and fraudulent apps.
At least 15 suspects were arrested and investigators seized domains, mobile numbers and bank accounts linked to the scam.
Separately, Zambian officials, working with immigration authorities, raided a scam center in Lusaka and confiscated 372 forged passports from seven countries, disrupting a suspected human trafficking operation.
In Côte d’Ivoire, law enforcement took down a cross-border inheritance scam originating in Germany, where victims were tricked into paying fees to claim non-existent inheritances.
The fraud caused losses of $1.6m before authorities arrested the primary suspect and seized assets, including electronics, jewelry, cash and vehicles.
The collaborating private partners and nonprofit organizations provided law enforcement with intelligence, guidance and training to help investigators identify offenders effectively. This intelligence comprised critical information on specific threats, suspicious IP addresses, domains and malicious command-and-control (C2) infrastructure and was shared among participating agencies ahead of the operation.
Group-IB, an Interpol Gateway Partner, told Infosecurity that it provided investigators with information that led to the arrest of 1,006 suspects and the dismantling of more than 134,000 malicious infrastructures and networks used by cybercriminals for investment-related scams, multiple scam schemes including those impersonating government officials, phishing, romance baiting (pig butchering) and online casinos.
Dmitry Volkov, CEO of Group-IB, commented: “By dismantling criminal infrastructures and bringing offenders to justice, we are not only protecting victims across Africa but also strengthening the resilience of the entire digital ecosystem. […] With the right threat intelligence, advanced tools, and knowledge sharing, Group-IB helps — and will continue to help — safeguard communities and businesses worldwide.”
Partnership with Cybercrime Prevention Network InterCOP
Operation Serengeti 2.0 was held under the umbrella of the African Joint Operation against Cybercrime, funded by the UK’s Foreign, Commonwealth and Development Office (FCDO).
Participating African countries included Angola, Benin, Cameroon, Chad, Côte D’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, Zambia and Zimbabwe.
Beyond arrests, the operation prioritized prevention through a partnership with the International Cyber Offender Prevention Network (InterCOP), a 36-nation alliance led by the Netherlands.
By identifying and neutralizing cyber threats before they strike, InterCOP aims to shift the fight against digital crime from reaction to proactive disruption.