Interpol operation: 1,200 detainees, $100 million recovered

As part of the unprecedented Operation Serengeti 2.0, Interpol, in cooperation with forces from 18 African countries, arrested more than 1,200 people involved in cybercrime. The operation recovered nearly $100 million and identified 88,000 victims of online fraud.

More than 1,200 people apprehended, nearly $100 million recovered and 88,000 victims identified – this is the tally of the Interpol-coordinated operation, conducted between June and August 2025.

The wide-ranging operation, code-named Serengeti 2.0, targeted cyber criminals operating across Africa – including ransomware groups and online fraudsters. The action by law enforcement forces from 18 African countries was supported by the UK and private sector partners.

Serengeti 2.0 was logistically and operationally one of the most complex operations of recent years. The operation targeted cybercriminals with the greatest influence in Africa identified by Interpol – including ransomware groups that carried out online and cryptocurrency fraud and Business Email Compromise (BEC) attacks.

The services also smashed organised groups involved in illegal cryptocurrency mining and human trafficking. One outcome of the operation was the dismantling of a group of criminals luring victims to ‘invest’ in cryptocurrencies in Zambia, who defrauded more than 65,000 people.

The involvement of multiple jurisdictions has made it possible to ‘close’ the entire criminal chain – from the tracking of infrastructure, to the identification of perpetrators, to the confiscation of funds defrauded from victims.

The scale of the action reflects the scale of the problem: modern cyber attacks match the actions of multinational corporations in terms of speed and scope.

Intelligence not only in the services

As part of the operation, Interpol’s technical partners, including Fortinet, provided data and analysis to assist in operational decision-making. With an extensive telemetry and analytics infrastructure at their disposal, they provided information prior to the operation on, among other things, indicators of compromise (IOCs) and the command-and-control (C2) infrastructure providing communication between the cybercriminals’ servers.

This enabled the search area to be narrowed down, targets to be selected, and elements of the malicious infrastructure to be deactivated more quickly. Before field operations began, the technical partners provided intelligence to the services, enabling them to precisely locate key infrastructure and the individuals behind the criminal activity.

Operation Serengeti 2.0 demonstrates the importance of intelligence sharing between the services and the private sector, as well as preparation for action – from analysing attack patterns to quickly translating information into action on the ground.

“Cybercrime groups have adopted a strategy of globalisation, specialisation and collaboration. They use global infrastructure, operating beyond the reach of individual governments or companies. Therefore, even the best security and IT teams’ competencies need to be complemented by systemic collaboration. Operations such as Serengeti 2.0 show how much can be achieved when law enforcement, experts and the private sector work hand in hand. Information sharing, mutual trust and cooperation are essential to enhance the security of state institutions, companies and citizens,” emphasises Robert Dabrowski, Systems Engineering Customer Relationship Manager at Fortinet.

While the Serengeti 2.0 action remains in the spotlight, it is worth noting that its effectiveness is the result of long-standing initiatives and collaboration through projects such as the Interpol Cybercrime Expert group (#CyberEX) and the World Economic Forum’s Cybercrime Atlas.

Fortinet has also been working with Interpol for more than 10 years, and has been an official Interpol Gateway partner since 2018, facilitating in-depth, rapid information sharing. Previous activities have included an operation in Southeast Asia, during which nearly 9,000 C2 servers and hundreds of infected sites were identified.

Serengeti 2.0 is a model of operations worth repeating: precise reconnaissance, coordinated strikes in multiple countries, rapid blocking of financial flows and constantly improving information sharing. Private and public sector collaboration, data sharing and faster decision-making are producing tangible results: arrests, recovered funds and real protection for tens of thousands of people.

source: Fortinet
