The Interpol-led operation resulted in the arrest of 1,006 suspects in 19 African countries and the destruction of 134,089 malicious infrastructures and networks as part of a coordinated effort to end cybercrime on the continent.
Duplicated Serengetilaw enforcement exercises were held from September 2 to October 31, 2024. and were targeted at criminals behind ransomware, business email breaching (BEC), digital extortion and online fraud.
Algeria, Angola, Benin, Cameroon, Ivory Coast, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe participated in the operation.
These activities, which ranged from online credit card fraud and Ponzi schemes to investment and multi-level marketing fraud, have victimized more than 35,000 people, resulting in nearly $193 million in financial losses worldwide.
In the West African country of Senegal, authorities have arrested eight people, including five Chinese nationals, in connection with a $6 million online Ponzi scheme. A search of their apartments turned up 900 SIM cards, $11,000 in cash, phones, laptops and copies of the IDs of 1,811 victims.
Authorities also dismantled a virtual casino in Luanda that targeted Brazilian and Nigerian gamblers with the aim of defrauding them through an online platform and luring them with a percentage of winnings to members recruiting new subscribers.
“From multi-level marketing scams to industrial-scale credit card fraud, the increase in the volume and sophistication of cybercriminal attacks is a cause for serious concern,” Valdesi Urquiza, Interpol Secretary General, said in the statement.
“Operation Serengeti shows what we can achieve when we work together and these arrests alone will save countless potential future victims from real personal and financial pain.” We know this is only the tip of the iceberg, so we will continue to target these criminal groups around the world.”
Group-IB, which was a private sector partner in the operation, said it had also discovered about 10,000 distributed DDoS attacks from African servers over the past year, more than 3,000 phishing domains located in the region and details about the actors who leaked the data on dark web forums.
Russian cybersecurity provider Kaspersky said he contributed to the operation by “sharing threat actor intelligence, data on ransomware and malware attacks targeting the region, and updated indicators of compromise (IoC) for malicious infrastructure across Africa.”
