Two dozen arrested, hundreds of malicious IPs taken down in African cybercrime operation

An international law enforcement operation spanning more than two dozen African countries led to 14 arrests and the takedown of hundreds of malicious IP addresses and malware hosters, Interpol said Friday.

Africa Cyber Surge II — led by Interpol and supported with information from Group-IB, Trend Micro, Kaspersky and Coinbase — launched in April 2023 and focused on identifying cybercriminals and compromised infrastructure, Interpol said in a statement.

The private sector reports supporting the operation included information on 3,786 malicious command and control servers, 14,134 victim IP addresses linked to data stealer cases, 1,415 phishing links and domains, 939 scam IPs and more than 400 other malicious URLs, IPs and botnets, according to the statement.

The various cybercrime and fraud operations, including fraudulent art sales and money mule operations, were linked to financial losses of more than $40 million, according to Interpol.

The first Africa Cyber Surge operation, carried out between July and November 2022, included 10 arrests linked to various scams and alleged fraud worth roughly $800,000, a takedown of a Eritrean-based dark net market selling hacking tools and “actions taken against more than 200,000 pieces of malicious infrastructure that was facilitating cybercrime across Africa,” the Singapore-based Group-IB said in a statement at the time.

Authorities in 25 countries participated in the operation. Interpol’s Cybercrime Directorate worked alongside Afripol, which coordinates police operations across the African Union, to lead the law enforcement effort.