Operation Sentinel: Africa-Wide Cybercrime Crackdown and Major Arrests
Law enforcement agencies across 19 African countries, coordinated by INTERPOL under Operation Sentinel, arrested 574 suspects and recovered approximately $3 million in a sweeping crackdown on cybercrime. The month-long operation targeted business email compromise (BEC), digital extortion, and ransomware, resulting in the takedown of over 6,000 malicious links and the decryption of six ransomware variants. Notable incidents included the prevention of a $7.9 million BEC fraud at a Senegalese petroleum company, a ransomware attack on a Ghanaian financial institution that encrypted 100 terabytes of data, and the dismantling of a cross-border scam in Ghana and Nigeria that defrauded over 200 victims. Authorities also seized more than 100 digital devices, took down 30 servers, and shut down thousands of scam-linked social media accounts, with total financial losses from investigated cases exceeding $21 million.
The operation highlighted the increasing scale and sophistication of cyberattacks targeting critical sectors such as finance and energy across Africa. International cooperation and rapid response were key to the operation's success, with support from private sector partners including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security. The results demonstrate a strong commitment by African law enforcement and their international partners to combat cybercrime and protect digital infrastructure in the region.
Timeline
Dec 22, 2025
INTERPOL publicly announces Operation Sentinel results
INTERPOL and media outlets disclosed the results of Operation Sentinel, highlighting the 574 arrests, $3 million recovered, and disruption of cybercrime infrastructure across Africa. Officials said the operation underscored the growing scale and sophistication of cybercrime targeting sectors such as finance and energy on the continent.
Nov 27, 2025
Operation Sentinel concludes with arrests, takedowns, and fund recovery
By the end of the operation, authorities had arrested 574 suspects, recovered about $3 million, taken down more than 6,000 malicious links, and decrypted six ransomware variants. INTERPOL linked the disrupted activity to more than $21 million in losses.
Nov 27, 2025
Ghana-Nigeria cyber-fraud network is dismantled
Investigators disrupted a cross-border cyber-fraud network operating in Ghana and Nigeria that impersonated fast-food brands and supported broader scam activity. The takedown was one of the notable enforcement actions under Operation Sentinel.
Nov 27, 2025
Benin disrupts scam infrastructure and malicious online accounts
As part of the operation, authorities in Benin dismantled online scam and extortion infrastructure. Actions included shutting down malicious domains, servers, and thousands of fraudulent social media accounts.
Nov 27, 2025
Ghana ransomware case leads to arrests and data recovery
Authorities in Ghana responded to a ransomware attack on a financial institution, arrested suspects, and recovered critical data. Reporting says investigators developed or used decryption capabilities to restore about 30 TB of affected data.
Nov 27, 2025
Senegalese authorities stop $7.9 million BEC transfer
During Operation Sentinel, authorities in Senegal disrupted a business email compromise scheme targeting a major petroleum company. The intervention prevented a fraudulent wire transfer of about $7.9 million.
Oct 27, 2025
Operation Sentinel runs across 19 African countries
INTERPOL coordinated Operation Sentinel, a month-long cybercrime enforcement operation conducted with law enforcement in 19 African countries. The campaign targeted business email compromise, digital extortion, and ransomware between October 27 and November 27, 2025.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
2 more from sources like help net security and bleeping computer
Related Stories
INTERPOL Operation Red Card 2.0 African Cybercrime Crackdown
**INTERPOL’s Operation Red Card 2.0**, coordinated under the **African Joint Operation against Cybercrime (AFJOC)**, resulted in **651 arrests** across **16 African countries** and the recovery of **over $4.3 million** tied to online scam activity. The operation ran from **December 8, 2025 to January 30, 2026**, identified **1,247 victims**, and targeted criminal activity linked to **over $45 million** in losses, including **high-yield investment fraud**, **mobile money fraud**, and **fraudulent mobile loan applications**. Law enforcement reported significant disruption activity, including the seizure of **2,341 devices** and takedowns of **1,442 malicious IPs/domains/servers (and related infrastructure)**. Notable actions included Nigeria dismantling an investment-fraud ring that leveraged **phishing, identity theft, and social engineering** (with **1,000+ fraudulent social media accounts** removed) and arresting **six suspects** accused of breaching a major telecom provider using **compromised staff credentials** to steal airtime/data for resale; Kenya arrested **27 suspects** tied to social-media/messaging-driven fraud schemes; and Côte d’Ivoire arrested **58 suspects** linked to predatory loan-app activity with hidden fees and abusive collection practices.
1 months ago
Global Law Enforcement Crackdowns on Cybercrime Networks and Operations
Law enforcement agencies worldwide have intensified efforts to disrupt cybercrime networks, targeting both large-scale organized groups and individual offenders. In 2025, major international operations led to the seizure of approximately $15 billion in Bitcoin from the Prince Group, a syndicate accused of running forced-labor scam centers and crypto fraud schemes. Authorities in Southeast Asia and Africa conducted coordinated raids, arresting thousands of suspects, dismantling malicious infrastructure, and recovering millions in illicit funds. These actions were supported by intelligence sharing and technical assistance from private companies, reflecting a growing trend of cross-border collaboration to combat cyber threats such as ransomware, business email compromise, and online scams. In South Korea, police arrested four individuals accused of compromising over 120,000 IP cameras, with the intent to create and sell sexually exploitative videos. The suspects exploited weak or default passwords to gain access to cameras in sensitive locations, including medical offices. Law enforcement responded by notifying affected owners and emphasizing the seriousness of such privacy violations. These arrests are part of a broader global crackdown on cybercrime, which also included operations in Australia and the UK targeting Wi-Fi-based attacks and dark web marketplaces. Authorities continue to stress the importance of active investigation and international cooperation to address the evolving landscape of cyber-enabled crime.
1 months ago
Law Enforcement Disrupts Cybercrime Networks and Arrests Ransomware and Fraud Suspects
International and national law enforcement actions were reported targeting a range of cybercrime activity, including ransomware, extortion, and large-scale fraud. SentinelOne summarized multiple cases: Dutch authorities arrested a man accused of attempting to extort officials after receiving sensitive documents by mistake and refusing to delete them; Polish authorities detained a suspect linked to the **Phobos** ransomware-as-a-service ecosystem as part of Europol-coordinated **Operation Aether**, seizing materials such as stolen credentials and access information; and **Operation Red Card 2.0** (coordinated through Interpol/AFJOC) resulted in hundreds of arrests across multiple African countries, along with seizures of devices, takedowns of malicious sites, and recovery of funds tied to investment fraud and mobile-money/loan scams. Separately, Security Affairs’ weekly newsletter highlighted additional ongoing cyber risk items that align with the same broad theme of active cybercrime and enforcement pressure, including an **FBI warning** about a surge in **ATM jackpotting** losses and reporting on **Operation Red Card 2.0**. Other items in the Security Affairs roundup (e.g., additions to CISA’s KEV catalog, vendor/software issues, and various malware reports) were presented as a curated link list rather than a single unified incident. A SOCRadar profile on the China-attributed **Lotus Blossom** espionage group and a Tom’s Hardware historical piece on the first computer search warrant are not part of the law-enforcement disruption story and do not materially support the same specific event narrative.
1 months ago