Cyber Crime
Operation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in Africa
Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims.
Save to Folio
Key takeaways
- Operation Serengeti 2.0 led to 1,209 arrests, 11,432 infrastructures dismantled, nearly US$100M recovered, and 88,000 victims protected.
- Authorities in 18 nations disrupted major schemes, including crypto mining in Angola, a US$300M fraud in Zambia, and an inheritance scam in Côte d’Ivoir
- Trend Micro supported with threat intelligence, infrastructure mapping, investigator training, and actionable data to accelerate investigations.
In one of the most significant cybercrime crackdowns of 2025, INTERPOL’s Operation Serengeti 2.0 resulted in the arrest of 1,209 suspected cybercriminals, the dismantling of 11,432 malicious infrastructures, and the recovery of US$97.4 million in illicit funds, ultimately safeguarding nearly 88,000 potential victims.
Between June and August 2025, investigators from 18 African nations and the United Kingdom targeted key threats identified in the INTERPOL Africa Cyberthreat Assessment Report. These include threats such as ransomware, online scams, and business email compromise (BEC).
Key operational highlights
- Angola: Authorities took down 25 illegal cryptocurrency mining centers, seizing IT and mining equipment valued at US$37 million.
- Zambia: Law enforcement disrupted a US$300 million online investment fraud scheme impacting 65,000 victims, resulting in 15 arrests and the seizure of critical evidence.
- Côte d’Ivoire: A US$1.6 million inheritance scam was neutralized with the arrest of the main suspect and the seizure of assets, including electronics, jewellery, and vehicles.
Trend Micro’s contribution
As one of INTERPOL's operational partners, Trend is honored to have contributed threat intelligence that directly contributed to the operation's success. Our contributions included:
- Mapping and flagging malicious infrastructure hosted across Africa.
- Detecting digital extortion and sextortion emails targeting local organizations and individuals.
- Sharing actionable intelligence on IP addresses, domains, and command-and-control (C&C) servers to expedite investigative efforts.
By providing this vital intelligence, we helped law enforcement pinpoint criminal infrastructure and proactively protect potential victims, helping prevent further harm.
Empowering investigators through training
Prior to the operation, Trend conducted hands-on training workshops on ransomware analysis and investigation. By enhancing investigative skillsets, we helped empower law enforcement personnel to pursue cybercriminals with greater precision and effectiveness.
The future of collaboration
Operation Serengeti 2.0 demonstrates the impact of coordinated action between global law enforcement and cybersecurity experts. Another example of this is the recent Operation Secure, which resulted in the dismantling of major infostealer infrastructures across Asia-Pacific—taking down 20,000+ malicious IPs and domains, seizing 41 servers, arresting 32 suspects.
At Trend, we firmly believe that collaboration is critical to disrupting cybercrime at scale. By working hand-in-hand with partners worldwide, through intelligence-sharing, infrastructure dismantling, and helping them connect the dots, we’re making cyberspace safer for individuals, businesses, and governments alike.