As part of its partnership with INTERPOL, Kaspersky has recently participated in the law enforcement agency’s operation, known as Serengeti 2.0, to combat cybercrime across the African continent. Focused on several criminal activities which target both organizations and individuals in the region, the action resulted in the arrest of 1,209 suspected cybercriminals. Kaspersky has contributed to the operation, having shared its threat intelligence data and indicators of compromise (IoCs) on the threats investigated.
Running from June to August 2025, Serengeti 2.0 brought together investigators from 18 African countries* and the United Kingdom to tackle high-impact cybercrimes including ransomware, online scams and business email compromise (BEC). The crackdown recovered USD 97.4 million and dismantled 11,432 malicious infrastructures which were involved in cybercrimes targeting nearly 88,000 victims.
As a regular contributor to INTERPOL-led operations, Kaspersky empowered the law enforcement agency with its threat intelligence data on the cyberthreats investigated. The company has shared its data on regional threats, including phishing websites threatening users in Africa, botnet and malicious DDoS infrastructure, as well as ransomware attack statistics. For the period from January-May 2025, Kaspersky products detected about 10,000 unique ransomware samples across the region.
Additionally, at the request of INTERPOL, Kaspersky’s Threat Research expertise center researched a cryptocurrency investment scheme, which tricked users into investing their money into a fake business, and identified new network IoCs which enabled law enforcers to investigate the scammers further. The investment fraud scheme was cracked down by Zambian authorities, who identified 65,000 victims falling prey to the fraudulent campaign, losing an estimated USD 300 million. As many as 15 individuals were arrested by the Zambian authorities as a result of the probe, with investigations still ongoing to track down overseas collaborators.
The first edition of operation Serengeti was held from September-October 2024 and cracked down on cybercrimes such as ransomware operations, digital extortion and online scams. These criminal activities caused nearly USD 193 million in damages and, as a result of an effort uniting nearly 20 participating countries, more than 1,000 suspected cybercriminals were then arrested.
Valdecy Urquiza, Secretary General of INTERPOL, said:
"Each INTERPOL-coordinated operation builds on the last, deepening cooperation, increasing information sharing and developing investigative skills across member countries. With more contributions and shared expertise, the results keep growing in scale and impact. This global network is stronger than ever, delivering real outcomes and safeguarding victims."
“The African continent’s rapid digitalization can be a double-edge sword: whilst providing space for new development opportunities on the one hand, it is bringing emerging risks on the other,” noted Yuliya Shlychkova, Vice-President of Government Affairs & Public Policy at Kaspersky. “It is extremely important to drive effective private-public partnership which can enhance existing cooperation arrangements and create new ones in the quest of building a healthy cyberspace in the region. The successful example of INTERPOL-coordinated operations shows how effective permanent dialogue and data exchange can be between private players and law enforcement in curbing cybercrime rates. By scaling out such initiatives, we can make sure that the digital world is a space for opportunity and not for threats.”
As evidenced in INTERPOL’s latest Africa Cyberthreat Assessment Report 2025, which comprises Kaspersky’s threat data, while Africa has made significant progress in cybersecurity recently, cybercrime is still accelerating across the continent. The trend among other things is facilitated by the proliferation of AI-driven crimes and an increase in the use of turnkey attack infrastructure. With limited cross-border cooperation capacities recognized by nearly 90% of African agencies, the significance of streamlined multistakeholder efforts to respond to evolving cyber risks is immense.
Thanks to INTERPOL-coordinated actions, the African region has recently witnessed a number of fruitful missions that resulted in the demolition of malicious infrastructure and the apprehension of responsible attackers. In addition to the two editions of operation Serengeti, Kaspersky has previously partaken in the Africa Cyber Surge, Africa Cyber Surge II, and Red Card operations, all of which sought to build a safer cyber environment in the African region.
· Participating countries: Angola, Benin, Cameroon, Chad, Côte D’Ivoire, Democratic Republic of Congo, Gabon, Ghana, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Seychelles, Tanzania, United Kingdom, Zambia and Zimbabwe.
