Logo
Daily Brief
Following
INTERPOL's African Cybercrime Crackdown

INTERPOL's African Cybercrime Crackdown

From BEC crackdowns to terror financing: INTERPOL's expanding African enforcement operations targeting cybercrime, financial fraud, and terrorist networks

Overview

INTERPOL just wrapped Operation Sentinel—574 arrests across 19 African countries, $3 million recovered, six ransomware variants decrypted. The month-long blitz stopped a $7.9 million heist against a Senegalese oil company hours before the money vanished. It's the latest in an escalating campaign: three cybercrime operations arrested 2,789 suspects and recovered $147 million since September 2024, while a new terror financing operation identified $260 million in suspicious flows and made 83 arrests across six countries.

Africa has become ground zero for business email compromise fraud and increasingly, cryptocurrency-enabled terror financing. Two-thirds of African countries report cyber-related crimes account for a medium-to-high share of all crime. INTERPOL's response: back-to-back operations bringing together investigators from dozens of countries, private sector tech firms (Team Cymru, Binance, Uppsala Security), and millions in UK and EU funding. The model is expanding—Operation Catalyst marked the first time financial crime, cybercrime, and counter-terrorism units joined forces continentwide, while a new African Development Bank partnership targets the $90 billion annual corruption drain.

16 Sources:
+10
INTERPOL BleepingComputer FBI Internet Crime Complaint Center U.S. Department of Justice Europol The Record AFRIPOL Dark Reading Africanews INTERPOL INTERPOL INTERPOL INTERPOL INTERPOL INTERPOL INTERPOL

Key Indicators

2,789
Total Arrests (16 months)
Suspects arrested across Operations Serengeti, Serengeti 2.0, and Sentinel combined
$147.4M
Funds Recovered
Total recovered across all three operations since September 2024
$2.77B
2024 Global BEC Losses
FBI IC3 reported BEC losses for 2024 across 21,442 incidents worldwide
147,521
Malicious Networks Disrupted
Domains, servers, and infrastructure dismantled across all operations
30%
Cybercrime Share
Percentage of all crimes in Western and Eastern Africa that are cyber-related

People Involved

Valdecy Urquiza
Valdecy Urquiza
INTERPOL Secretary General (Leading international cybercrime enforcement coordination)
DA
Dr Akinwumi Adesina
African Development Bank President (Leading partnership with INTERPOL on financial crime and anti-corruption)

Organizations Involved

Interpol
Interpol
International Law Enforcement Agency
Status: Leading coordinated African cybercrime enforcement operations

Global police cooperation organization coordinating the African Joint Operation against Cybercrime framework.

African Union Mechanism for Police Cooperation (AFRIPOL)
African Union Mechanism for Police Cooperation (AFRIPOL)
Continental Law Enforcement Agency
Status: Partner agency coordinating African member state participation

The African Union's technical institution for strengthening law enforcement cooperation across 55 member states.

UK Foreign, Commonwealth & Development Office
UK Foreign, Commonwealth & Development Office
Government Funding Agency
Status: Primary funder of African cybercrime operations

UK government department funding INTERPOL's African cybercrime enforcement through AFJOC and GLACY-e.

FBI Internet Crime Complaint Center (IC3)
FBI Internet Crime Complaint Center (IC3)
Federal Law Enforcement Agency
Status: Tracking global BEC losses and coordinating with international partners

FBI's cybercrime complaint and intelligence center documenting the global BEC threat.

African Development Bank Group
African Development Bank Group
Multilateral Development Bank
Status: First development bank partnering with INTERPOL on financial crime

Pan-African development finance institution providing financing and expertise for economic development projects across the continent.

Binance
Binance
Cryptocurrency Exchange
Status: Providing intelligence for INTERPOL terror financing investigations

Global cryptocurrency exchange providing transaction intelligence and virtual asset tracing for Operation Catalyst.

Uppsala Security
Uppsala Security
Cybersecurity Firm
Status: Partner providing intelligence for INTERPOL African operations

Japanese cybersecurity firm specializing in blockchain intelligence and threat detection.

Timeline

  1. AFRIPOL Sixth NLO Meeting in Algiers

    Conference

    40+ AU member states discuss cybercrime training, digital connectivity, and continental data sharing amid 3,153 weekly cyberattacks (61% above global average).

  2. Catalyst Results: 83 Arrested, $260M in Suspicious Flows

    Milestone

    Terror financing operation identifies $260M in fiat and virtual currencies linked to terrorism, seizes $600K, arrests 83 across six countries.

  3. INTERPOL African Regional Conference in Cape Town

    Conference

    188 senior police leaders from 56 countries convene to address transnational organized crime, sharing expertise and best practices.

  4. Operation Catalyst Launches

    Operation

    First joint financial crime, cybercrime, and counter-terrorism operation begins across six African countries targeting terror financing networks.

  5. INTERPOL Partners with African Development Bank

    Partnership

    First multilateral development bank to collaborate with INTERPOL signs letter of intent targeting $90 billion annual corruption and financial crime losses.

  6. INTERPOL Announces Sentinel Success

    Statement

    Public announcement of Operation Sentinel results highlights $21M in losses linked to investigated cases.

  7. Sentinel Results: 574 Arrested, 6 Ransomware Variants Decrypted

    Milestone

    Operation concludes with 574 arrests, $3M recovered, 6,000+ malicious links down, 4,318 social media accounts shut.

  8. Ghana Decrypts 30TB of Ransomware Data

    Technical

    Ghanaian investigators develop decryption tool recovering 30TB after ransomware encrypts 100TB at financial institution.

  9. Senegal Stops $7.9M Oil Company Heist

    Investigation

    BEC attackers impersonate petroleum company executives; Senegalese authorities freeze accounts before transfer completes.

  10. Operation Sentinel Begins

    Operation

    19 countries launch month-long operation targeting BEC, digital extortion, and ransomware with enhanced private sector support.

  11. Serengeti 2.0: 1,209 Arrested, $97.4M Recovered

    Milestone

    Second operation arrests 1,209 suspects, dismantles 11,432 infrastructures, uncovers $300M Zambian investment fraud.

  12. Operation Serengeti 2.0 Launches

    Operation

    18 African countries plus UK begin three-month operation targeting high-impact cybercrimes.

  13. INTERPOL Reports Sharp Rise in African Cybercrime

    Report

    2025 Africa Cyberthreat Assessment warns two-thirds of countries report medium-to-high cyber-related crime share.

  14. Valdecy Urquiza Becomes Secretary General

    Leadership

    Brazilian Police Commissioner appointed INTERPOL Secretary General, intensifies African cybercrime focus.

  15. Serengeti Results: 1,006 Arrested

    Milestone

    Operation concludes with 1,006 arrests, 134,089 malicious networks dismantled, $44M recovered from $193M in linked losses.

  16. Operation Serengeti Begins

    Operation

    19 African countries launch two-month operation targeting ransomware, BEC, and digital extortion networks.

  17. Operation Nervone Arrests OPERA1ER Figure

    Investigation

    Key figure from OPERA1ER cybercrime group targeting African financial institutions arrested.

  18. Africa Cyber Surge I Launches

    Operation

    First transnational African cybercrime operation identifies thousands of at-risk infrastructures, coordinated from INTERPOL command center in Kigali.

Scenarios

1

Enforcement Overwhelms Networks, BEC Declines

Discussed by: Implied by INTERPOL operational strategy and Urquiza's emphasis on sustained capacity building

Continuous operations force cybercrime networks to relocate or collapse faster than they can rebuild. INTERPOL's model—operations every few months, each building investigative skills in member states—creates sustained pressure. Private sector partnerships provide persistent technical intelligence. West African BEC operations migrate to other regions or abandon high-value corporate targets for lower-risk scams. African cybercrime share drops from 30% toward global average over 2-3 years. Requires sustained UK/EU funding and member state commitment.

2

Networks Adapt, Enforcement Catches Low-Level Operators

Discussed by: Critics of Nigerian enforcement noted by cybercrime researchers; pattern seen in 'Yahoo Boys' crackdowns

Operations arrest hundreds of low-level fraudsters while masterminds evade capture and networks reconstitute. BEC infrastructure becomes more distributed and harder to trace. Criminals shift from email compromise to harder-to-track methods like messaging apps and encrypted communications. African countries make arrests but lack resources for complex prosecutions. Operations become performative—good press releases, minimal lasting impact. This mirrors Nigerian EFCC crackdowns that arrest small-time operators while sophisticated networks persist.

3

Operations Expand Globally, Target Receiving Countries

Discussed by: IC3 data showing UK, Hong Kong, China as intermediary stops; international banking pattern analysis

INTERPOL applies African operation model to receiving countries where stolen funds land—UK, Hong Kong, UAE, China. Operations shift from arresting senders to freezing receiving accounts and prosecuting money launderers. International banks face pressure to implement better BEC detection. G7 countries mandate real-time verification for high-value corporate transfers. BEC remains prevalent but average heist size drops as banks catch transfers before completion. This leverages the Senegal petroleum case as proof-of-concept.

4

Funding Dries Up, Operations Slow

Discussed by: Dependency on UK FCDO and EU funding noted across all operations

UK or EU budget cuts eliminate AFJOC funding. Operations become smaller, less frequent. African countries lack resources to sustain enforcement without external support. INTERPOL coordination diminishes. Cybercrime networks regroup during enforcement gaps. BEC losses climb back toward previous levels. AFRIPOL attempts to fill gap with regional funding but lacks INTERPOL's global reach and private sector partnerships. African member states prioritize other threats over cybercrime.

5

Terror Financing Model Expands to Other Continents

Discussed by: Implied by Operation Catalyst's success in multi-unit coordination and private sector crypto intelligence

Operation Catalyst's model—financial crime, cybercrime, and counter-terrorism units working together with cryptocurrency firms like Binance providing transaction intelligence—proves effective at tracing virtual asset flows to terrorist networks. INTERPOL replicates the framework in Southeast Asia, Middle East, and South America where crypto-enabled terror financing is growing. The $260 million identified in Africa provides proof-of-concept for global expansion. Virtual asset service providers face increased pressure to implement real-time monitoring and reporting. Success depends on whether countries outside Africa will allow similar cross-unit coordination.

Historical Context

Operation Avalanche (2016)

2016

What Happened

Forty countries coordinated to dismantle the Avalanche cybercrime network, seizing and sinkholing over 800,000 malicious domains in what prosecutors called the largest-ever cybercriminal infrastructure takedown. The network had operated since 2010, controlling 500,000 infected computers daily and causing hundreds of millions in losses worldwide.

Outcome

Short term: Unprecedented disruption of major botnet infrastructure through coordinated sinkholing.

Long term: Established template for multi-country cybercrime operations requiring real-time coordination across 30+ jurisdictions.

Why It's Relevant

Proved international cooperation can dismantle sophisticated networks. INTERPOL's African operations use similar coordination but occur repeatedly rather than as one-off events, applying lessons about sustained pressure.

Europol J-CAT Formation (2014)

2014-present

What Happened

Europol established the Joint Cybercrime Action Taskforce, placing cyber liaison officers from multiple countries at a single headquarters in The Hague. J-CAT coordinates ongoing operations against ransomware, botnets, and identity theft rings, with 18 officers from 16 countries working together permanently.

Outcome

Short term: Enabled rapid multi-country operations like Magnus (RedLine infostealer takedown) and Triangle.

Long term: Created permanent infrastructure for cybercrime cooperation rather than ad-hoc arrangements, now expanding beyond Europe.

Why It's Relevant

INTERPOL's African operations mirror J-CAT's model—sustained cooperation building investigative capacity rather than one-off raids. The African Cybercrime Operations Desk functions like a continental J-CAT.

Nigerian 'Yahoo Boys' Enforcement Pattern (2020-2024)

2020-2024

What Happened

Nigerian EFCC and international partners conducted repeated crackdowns on internet fraudsters called 'Yahoo Boys,' arresting hundreds annually. Meta banned 63,000 accounts in 2024. Despite 500+ EFCC cybercrime convictions and 751 police arrests in 2024, critics argue operations primarily catch low-level operators while masterminds persist.

Outcome

Short term: Hundreds of arrests and asset seizures; significant media coverage of enforcement.

Long term: BEC operations continue at scale; critics note masterminds remain untouched and networks quickly reconstitute.

Why It's Relevant

Illustrates the challenge INTERPOL faces: arresting hundreds doesn't guarantee dismantling sophisticated networks if operations only reach lower levels. Highlights need for sustained capacity building to reach organizers.