# Full Report
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
# Analysis Summary
## Main Topic
INTERPOL-led cybercrime disruption operation ("Operation Serengeti") targeting cybercriminal activities across 19 African nations between September 2 and October 31, 2024, resulting in mass arrests and the takedown of malicious infrastructure.
## Key Points
- **Operation Name:** Serengeti.
- **Duration:** September 2 to October 31, 2024.
- **Scope:** Coordinated law enforcement effort across 19 African countries.
- **Impact:** 1,006 suspects arrested and 134,089 malicious infrastructures and networks dismantled.
- **Financial Impact:** Victims affected globally, with financial losses of nearly $193 million.
- **Victim Count:** More than 35,000 people victimized.
## Threat Actors
- **Attribution:** Not specifically attributed to named advanced persistent threat (APT) groups, but described as criminals engaged in industrial-scale cybercrime.
- **Identified Suspects:** 1,006 suspects arrested across participating nations.
- **Noteworthy Arrest:** Eight individuals, including five Chinese nationals, arrested in Senegal in connection with a $6 million online Ponzi scheme.
## TTPs
- **Targeted Cybercrime Types:** Ransomware, Business Email Compromise (BEC), digital extortion, and online scams.
- **Specific Scams Detailed:** Online credit card fraud, Ponzi schemes, investment scams, and multi-level marketing (MLM) scams.
- **Example Scheme:** A virtual casino in Luanda, dismantled during the operation, that targeted Brazilian and Nigerian gamblers through recruitment-based fraud schemes.
- **Evidence Seized (Senegal Example):** 900 SIM cards, phones, laptops, and copies of ID cards associated with 1,811 victims.
## Affected Systems
- **Geographic Scope:** Operations spanned 19 African countries: Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe.
- **Victims:** Over 35,000 individuals globally affected by financial crimes.
- **Infrastructure Targeted:** 134,089 malicious infrastructures and networks.
## Mitigations
*Note: The provided text focuses on the enforcement action rather than providing technical mitigation advisories. The summary below reflects the operational necessity inferred from the threats.*
- **International Cooperation:** Highlighted the importance of joint efforts (like Operation Serengeti) to counter transnational cybercrime.
- **Detection/Disruption:** Focus on dismantling command-and-control (C2) infrastructure (134,089 networks).
- **Addressing Financial Fraud:** Increased focus on identifying and disrupting investment, MLM, and online gambling scams.
## Conclusion
Operation Serengeti represents a significant, coordinated international effort to severely degrade cybercrime operations originating from or routed through Africa. The scale of arrests and infrastructure takedowns suggests a major disruption to criminal ecosystems involved in ransomware, BEC, and large-scale financial fraud. INTERPOL warns that the scale of criminal activity uncovered is likely "just the tip of the iceberg," necessitating continued international vigilance and operational engagement. No specific Indicators of Compromise (IoCs) or technical URLs were provided in the context summary to defang.