Threat Intelligence | December 24, 2025 | 4 min read

INTERPOL Operation Sentinel: 574 Arrested in Africa-Wide Cybercrime Crackdown

Month-long operation across 19 African nations recovers $3 million, takes down 6,000 malicious links, and decrypts six ransomware variants.

Alex Kowalski

Law enforcement agencies across 19 African countries arrested 574 suspects and recovered approximately $3 million in a coordinated cybercrime operation that ran from late October through late November 2025. Operation Sentinel targeted business email compromise, ransomware, and digital extortion—crimes that collectively caused estimated losses exceeding $21 million.

TL;DR

  • What happened: INTERPOL-coordinated operation resulted in 574 arrests across 19 African nations
  • Who's affected: Cybercriminal networks operating BEC, ransomware, and extortion schemes
  • Severity: Major enforcement action disrupting criminal infrastructure
  • Action required: Organizations should maintain vigilance against BEC and verify unusual payment requests

Operation Scope

Operation Sentinel ran from October 27 to November 27, 2025, under INTERPOL's African Joint Operation against Cybercrime (AFJOC) framework. Participating countries spanned the continent:

Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe.

Beyond arrests, the operation achieved:

  • $3 million recovered
  • 6,000+ malicious links taken down
  • Six ransomware variants decrypted

Notable Cases

Senegal: $7.9 Million BEC Attempt Thwarted

A major petroleum company discovered fraudsters had infiltrated its internal email systems. The attackers impersonated executives to authorize a fraudulent wire transfer of $7.9 million. The fraud was detected before the funds were transferred.

Ghana: Ransomware Decryption Success

A Ghanaian financial institution suffered a ransomware attack that encrypted 100 terabytes of data and resulted in theft of approximately $120,000. Ghanaian authorities conducted malware analysis, identified the ransomware strain, and developed a decryption tool that recovered nearly 30 terabytes of data.

Benin: Social Media Fraud Networks Dismantled

Authorities took down 43 malicious domains and shut down 4,318 social media accounts linked to extortion schemes and scams. The operation led to 106 arrests in Benin alone.

Africa's Cybercrime Challenge

Africa has become both a target and origin point for cybercrime. Rapid internet adoption, expanding mobile banking, and growing digital economies create opportunities for legitimate commerce—and for criminals.

Business email compromise has proven particularly effective in regions where large wire transfers are common but verification procedures remain informal. Attackers exploit the gap between modern communication tools and traditional business relationships built on trust.

Ransomware operators increasingly target African financial institutions, which may lack the backup infrastructure and incident response capabilities of larger global banks. The Ghana case demonstrates both the impact of such attacks and the growing capability of African law enforcement to respond.

International Cooperation

Operation Sentinel drew on funding from the UK's Foreign, Commonwealth and Development Office and technical support from the EU-Council of Europe GLACY-e project. Private sector partners contributed intelligence and analysis:

  • Team Cymru
  • The Shadowserver Foundation
  • Trend Micro
  • TRM Labs
  • Uppsala Security

This public-private cooperation model mirrors successful operations in Europe and the Americas. Intelligence sharing between commercial threat researchers and law enforcement enables faster identification of criminal infrastructure.

Why This Matters

African cybercrime operations don't stay in Africa. BEC schemes originating on the continent target businesses worldwide. Ransomware variants developed or operated from African nations encrypt systems globally.

Strengthening enforcement capacity across Africa benefits organizations everywhere. Arrests disrupt criminal networks, while technical capabilities like ransomware decryption reduce attackers' leverage.

The operation also demonstrates growing sophistication among African law enforcement agencies. Building malware analysis capabilities locally, rather than depending entirely on international partners, creates sustainable capacity for future investigations.

Frequently Asked Questions

Does this affect cybercrime targeting my organization?

Directly, probably not—unless your attackers happened to be among those arrested. The operation disrupts specific criminal networks but doesn't eliminate the broader BEC and ransomware threats. These crimes remain highly profitable and will continue.

What should my organization do differently?

Verify unusual payment requests through established channels—not email. Call known phone numbers, not numbers provided in the suspicious message. Train finance staff to recognize BEC tactics and establish multi-person approval for large transfers.

Will there be follow-up operations?

AFJOC has conducted multiple operations since its establishment. Operation Sentinel is the latest in an ongoing effort, and additional coordinated actions are likely. Law enforcement typically doesn't announce operations in advance.
