Stacks of computers lined the walls of the otherwise unremarkable room, their electronic hum a wash of white noise behind the voices of the dozens of people chatting into headsets. At first glance, it looked like an ordinary call center in the Global South, but the operators weren’t handling customer service or tech support: They were on the phone with their marks, trying to separate them from their life savings as part of a multimillion-dollar cyberscam operation — until the Zambian police burst in.
The authorities had spent months training for this moment and arrived prepared for anything. They left having disrupted a human trafficking network, taking with them 372 forged passports and 15 men in handcuffs — men connected to a massive investment scheme that had defrauded 65,000 people out of $300 million.
The raid in Zambia’s capital, Lusaka, in August 2025 became the centerpiece of Operation Serengeti 2.0. This transnational mission across 18 African countries revealed how two major transformations have happened in tandem: Cybercrime on the African continent has scaled into a mature, cross-border industry; and African governments have begun mounting equally sophisticated and coordinated responses.
In total, the cybercrime networks disrupted during Serengeti 2.0 were linked to nearly $485 million in financial losses from 88,000 victims — a takedown led by Interpol, funded by the United Kingdom, assisted by the Netherlands and executed by local law enforcement in the affected nations. Interpol, seeing that Africa was prepared to assert its authority over the cybercriminals who had victimized the continent for so long, assembled an international cybercrime-fighting dream team, successfully dismantled 11,432 networks, and seized or recovered nearly $100 million across the continent.
The scam that was taken down in Zambia worked like an investment firm with fake services. Perpetrators employed vulnerable, and likely trafficked, Zambians in their early 20s, ostensibly as call center agents. They did as they were told — dialed numbers, recited scripted lines and ultimately lured victims with too-good-to-be-true cryptocurrency profits. If they were persuasive enough, they’d get people on the other end of the line to do as they were told — download WhatsApp and Telegram, click links and type in their personal information. Once connected, perpetrators funneled users from as far away as Singapore, Peru and the United Arab Emirates toward a series of fake investment sites that looked real, complete with moving charts, increasing “balances” and accumulating “profits.” But it was all smoke and mirrors, designed to convince users that they were making money and encourage deposits while quietly blocking withdrawals.
This type of scam is just the latest iteration in a long development of cybercrime across Africa over the last 25 years. The continent has seen one of the world’s fastest digital expansions, and cyber criminals moved with agility and adaptability in the new and changing landscape, while governments, bogged down in a legal, budgetary and bureaucratic morass, couldn’t keep up. Every new mobile wallet, digital marketplace or hardware leap opened new avenues for entrepreneurship, whether aboveboard or not. “Whilst providing space for new development opportunities on the one hand, it is bringing emerging risks on the other,” said Yulia Schlychkova, the vice president of government affairs and policy at the Russian cybersecurity firm Kaspersky, of Africa’s rapid advance.
The problem was economic, legal and infrastructural. Governments lacked the cash and expertise to build cyber units at the speed necessary to be effective. The internet arrived overnight while the relevant laws and police forces took years to catch up — making sophisticated cybercrime nearly impossible to prosecute.
It would take decades for governments to build the capacity to begin dismantling these criminal rings. Serengeti 1.0, the first Interpol-led crackdown on the continent, only took place in late 2024. And while the policing has now made huge strides, in individual nations the legal frameworks for prosecuting these criminals are often wanting — or are being used as a dragnet to target political opponents, critics of the government or regular citizens as well.
Zambia’s 2025 Cyber Security Act, which was used to dismantle the scam center, was the first of its kind in the country and was passed mere months before the takedown. The bill, abruptly signed into law by President Hakainde Hichilema, has faced criticism for its opacity and broad scope — it includes vague language, particularly in a section that criminalizes the publication of “false information” that causes “public ridicule” or “damage to reputation.” It also enables authorities to conduct real-time surveillance on citizens and intercept communications without many procedural checks, a move that critics categorize as a human rights abuse. Many Zambians weren’t even aware of the law’s impacts until a U.S. Embassy social media advisory urged Americans in Zambia to “carefully assess the implications of this law and adjust accordingly,” warning of its “intrusive surveillance ecosystem.”
After identifying a surge in industrial-scale scams across the continent, and recognizing that African cybercrime units were finally equipped — legally and operationally — to act in concert, the question became: Who could pull off a crackdown of this scale? The answer didn’t come from any single country or tech company, but from a coalition — one assembled, trained and coordinated in harmony long before the first doors were kicked in.
Making up for lost time, investigators from across the continent participated in weeks of hands-on workshops, learning about intelligence tools, digital tracing techniques and the basics of data theft analysis. The training had a single practical goal in mind: ensuring that, once the operation began, cyber units from 18 countries could chase the same criminal networks in real time and speak the same investigative language without blowing their cover wide open.
“Cybercrime is a rapidly evolving, borderless issue, which means no single law enforcement agency can handle it alone,” said Shlychkova, whose firm identified digital clues and breadcrumbs that led Serengeti investigators to the heart of the operations. “Public agencies have the authority to investigate, seize assets and make arrests, but they lack the global visibility and real-time telemetry that private cybersecurity companies gather.”
The training was compiled by a coalition of specialized consultants and risk assessors from around the world, each contributing different slices of visibility into the criminal ecosystem and, together, forming the technical backbone of the operation.
“When Interpol requested assistance on a cryptocurrency investment network, our researchers uncovered the infrastructure behind it, identified new indicators and helped reveal a scheme that had already drawn in tens of thousands of victims,” Shlychkova told New Lines.
Serengeti also received support from the International Cyber Offender Prevention Network (InterCOP), a prevention-focused branch of law enforcement agencies from 36 countries led by the Netherlands, which flagged emerging threats before raids commenced. And the entire effort sat under the African Joint Operation Against Cybercrime, funded by the United Kingdom’s Foreign, Commonwealth and Development Office, effectively making it the most coordinated cybercrime takedown ever attempted on the continent. Interpol officials described the collaboration as a “healthy competition” among national cyber units, with each one eager to dismantle more malicious infrastructure than the last.
Once the groundwork was laid, investigators moved, and the results were, at times, stunning. TRM Labs, one of the cybersecurity partners, based in San Francisco, made a groundbreaking discovery when analysts identified the group behind scams coming out of Ghana as the infamous cybercrime gang, “Bl00dy,” which made headlines for attacking New York medical practices and K-12 schools through their printers. In a proud moment for Serengeti 2.0, TRM Labs’ work led to Ghanaian authorities arresting 68 members of the group.
“In many ransomware investigations, laundering is highly sophisticated,” TRM Labs’ vice president of policy and government affairs, Ari Redbord, told New Lines. “In this case, the laundering itself was lower volume and less technically advanced, which matched broader trends we often see emerging in parts of Africa. Consistent behavior made it possible to geographically associate specific Bl00dy affiliates to Ghana in a way that we don’t often get so cleanly.”
Just west of Ghana, in Cote d’Ivoire, authorities recovered documents, cash, jewelry and electronics after dismantling a scheme that swindled victims into sharing valuable items and personal information with scammers they thought were family members.
But not all of the victims in the scams taken down by Serengeti 2.0 were individuals. Across the Gulf of Guinea, the Angolan government raided 25 warehouses filled with high-powered machines running on massive amounts of siphoned state electricity to mine for cryptocurrency. Cryptomining factories like these don’t just steal from the state — they damage national grids, cause power outages and drain state resources. But the Angolan government has salvaged something useful from the wreckage, taking what had been used to exploit citizens and redirecting it toward their benefit with plans to repurpose these confiscated assets — valued at over $37 million — to support power distribution in underserved communities.
This ecosystem of criminals has evolved from scattered, small-scale fraud into a fully realized economy of its own, and what once looked like ad hoc scams now resemble corporate structures. This raises a larger question: What comes next?
Although Serengeti 2.0 proved that those fighting cybercrime could match the sophistication of the threat, ongoing enforcement will require them to keep that edge finely honed. As this region knows all too well, technology will continue to evolve and develop, and now that Africa is caught up, it must keep up. The next Serengeti might not be fought in call centers or mining warehouses, but in the shadows of the algorithm.
Serengeti 2.0 wasn’t just a crackdown; it was a turning point. It showed the world that a global epicenter of cybercrime might no longer simply be a place where scams originate, but where they’re defeated. And, increasingly, that is true in Africa.
“Spotlight” is a newsletter about underreported cultural trends and news from around the world, emailed to subscribers twice a week. Sign up here.