In a recent demonstration of international collaboration, Operation Sentinel has delivered a major blow to cybercrime networks across Africa. Coordinated by INTERPOL under the African Joint Operation against Cybercrime (AFJOC), this month-long initiative from October 27 to November 27, 2025, resulted in the arrest of 574 suspects and the recovery of approximately USD 3 million in illicit funds. This, according to an update and insights shared recently by TRM Labs.
TRM Labs also mentioned that the effort involved law enforcement agencies from 19 African countries, including Benin, Ghana, Nigeria, Senegal, Cameroon, South Africa, and others, highlighting the growing threat of digital crimes on the continent.
The operation specifically targeted three escalating threats identified in INTERPOL’s 2025 Africa Cyber Threat Assessment Report: business email compromise (BEC), ransomware, and digital extortion.
These sophisticated schemes exploit trusted communications, lock critical data, and demand payments, increasingly affecting vital sectors like finance and energy.
Investigators linked the cases pursued during Sentinel to estimated losses exceeding USD 21 million, underscoring the scale of the damage inflicted by these criminal enterprises.
Authorities dismantled more than 6,000 malicious links and successfully decrypted six distinct ransomware variants, preventing further harm and restoring access to compromised systems.
Notable successes emerged from specific interventions.
In Senegal, rapid response prevented a BEC scam from redirecting USD 7.9 million from a major petroleum company after fraudsters impersonated executives and manipulated invoices; timely account freezes stopped the transfer.
Ghanaian investigators confronted a ransomware assault on a financial institution that encrypted around 100 terabytes of data and stole about USD 120,000.
Through advanced malware analysis and collaboration, they developed a decryption tool that recovered nearly 30 terabytes, leading to multiple arrests.
A joint Ghana-Nigeria action dismantled a transnational scam network that defrauded over 200 victims of more than USD 400,000 via fake fast-food websites and mobile apps impersonating legitimate brands.
This effort yielded 10 arrests, the seizure of over 100 digital devices, and the takedown of 30 fraudulent servers.
In Benin, officials shut down 43 malicious domains and more than 4,300 social media accounts tied to extortion and impersonation, resulting in over 100 arrests.
Private-sector partners played a pivotal role, providing blockchain tracing, malware analysis, IP tracking, and real-time infrastructure disruption.
Organizations such as TRM Labs, Team Cymru, The Shadowserver Foundation, Trend Micro, and Uppsala Security contributed essential intelligence that enabled swift action against cryptocurrency-based money laundering and commingled funds across wallets, mobile money, and traditional banking channels.
Neal Jetton, INTERPOL’s Director of Cybercrime, emphasized the broader implications.
“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy. The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners, to protect livelihoods, secure sensitive personal data, and preserve critical infrastructure.”
Building on prior successes like Operation Serengeti, which netted over 1,200 arrests earlier in 2025, Sentinel demonstrates a maturing approach to combating transnational cyber threats.
As criminals adopt automation and advanced social engineering, sustained public-private partnerships and cross-border coordination remain essential to disrupt these adaptable networks and safeguard the continent’s digital future.