Authorities in seven African countries have arrested 306 suspects and seized 1,842 devices in an international operation targeting cyber attacks and cyber-enabled scams.
The arrests were made as part of Operation Red Card (conducted from November 2024 – February 2025) which aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses. In particular, the operation targeted mobile banking, investment and messaging app scams. The cases uncovered during the operation involved more than 5,000 victims.
As part of the crackdown, Nigerian police arrested 130 people, including 113 foreign nationals, for their alleged involvement in cyber-enabled scams such as online casino and investment fraud. The suspects, who converted proceeds to digital assets to conceal their tracks, were recruited from different countries to run the illegal schemes in as many languages as possible. Nigerian authorities have established that some of the people working in the scam centres may also be victims of human trafficking, forced or coerced into criminal activities. Overall, the investigation led to the seizure of 26 vehicles, 16 houses, 39 plots of land and 685 devices.
In a significant case from South Africa, authorities arrested 40 individuals and seized more than 1,000 SIM cards, along with 53 desktops and towers linked to a sophisticated SIM box fraud scheme. This setup, which reroutes international calls as local ones, is commonly used by criminals to carry out large-scale SMS phishing attacks.
In Zambia, officers apprehended 14 suspected members of a criminal syndicate that hacked into victims’ phones. The scam involved sending a message containing a malicious link which, when clicked, installed malware to the device. This allowed hackers to take control of the messaging account, and ultimately the phone, giving them access to banking apps. The hackers were also able to use the victim’s messaging apps to share the malicious link within conversations and groups, enabling the scam to spread.
During the operation, Rwandan authorities arrested 45 members of a criminal network for their involvement in social engineering scams that defrauded victims of over $305,000 in 2024 alone. Their tactics included posing as telecommunications employees and claiming fake ‘jackpot’ wins to extract sensitive information and gain access to victims’ mobile banking accounts. Another method involved impersonating an injured family member to ask relatives for financial assistance towards hospital bills. Overall, $103,043 was recovered and 292 devices were seized.
Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, said: “The success of Operation Red Card demonstrates the power of international cooperation in combating cybercrime, which knows no borders and can have devastating effects on individuals and communities. The recovery of significant assets and devices, as well as the arrest of key suspects, sends a strong message to cybercriminals that their activities will not go unpunished.”
Ahead of the operation, countries exchanged criminal intelligence on key targets. This intelligence was enriched by INTERPOL with insights into criminal modus operandi using data from its private sector partners – Group-IB, Kaspersky and Trend Micro.
The seven participating countries were Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia.
To support the operation, Kaspersky contributed its threat intelligence data to to aid the law enforcement action that aimed to disrupt cross-border criminal networks across the African region that cause significant harm to individuals and businesses.
Kaspersky shared with INTERPOL the results of an analysis of samples of a malicious Android application that targeted users in African countries along with the data on related infrastructure.
Altogether, the cybercriminal cases uncovered by the Red Card participants have preyed on more than 5,000 people. Among operation highlights were:
- Nigeria: Nigerian police arrested 130 people, including 113 foreign nationals, for their alleged involvement in cyber-enabled scams such as online casino and investment fraud. The suspects, who converted proceeds to digital assets to conceal their tracks, were recruited from different countries to run the illegal schemes in as many languages as possible.
- Zambia: Officers apprehended 14 suspected members of a criminal syndicate that hacked into victims’ phones. The scam involved sending a message containing a malicious link which, when clicked, installed malware on the device. This allowed hackers to take control of the messaging account, and ultimately the phone, giving them access to banking apps. The hackers were also able to use the victim’s messaging apps to share the malicious link within conversations and groups, enabling the scam to spread.
- Rwanda: Rwandan authorities arrested 45 members of a criminal network for their involvement in social engineering scams that defrauded victims of over $305,000 in 2024 alone. Their tactics included posing as telecommunications employees and claiming fake ‘jackpot’ wins to extract sensitive information and gain access to victims’ mobile banking accounts. Another method involved impersonating an injured family member to ask relatives for financial assistance towards hospital bills.
- South Africa: Local authorities arrested 40 individuals and seized more than 1,000 SIM cards, along with 53 desktops and towers linked to a sophisticated SIM box fraud scheme. This setup, which reroutes international calls as local ones, is commonly used by criminals to carry out large-scale SMS phishing attacks.
Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, said: “The success of Operation Red Card demonstrates the power of international cooperation in combating cybercrime, which knows no borders and can have devastating effects on individuals and communities. The recovery of significant assets and devices, as well as the arrest of key suspects, sends a strong message to cybercriminals that their activities will not go unpunished.”
“Kaspersky is proud to be part of this collaborative effort led by INTERPOL. The evolving threat landscape in Africa requires a multi-stakeholder dialogue and joint efforts of public and private organisations to address the cybersecurity challenges the region faces today. The Red Card operation is a notable example of such cooperation, showcasing how the expertise of private companies coupled with extensive investigative capacities of law enforcers can foster a more cyber-resilient environment,” comments Yuliya Shlychkova, the VP, Global Public Affairs, Kaspersky.
Kaspersky and INTERPOL have a vast record of joint operations aimed at combating cybercrime in the African region, with Kaspersky having supported two editions of INTERPOL’s Africa Cyber Surge operations. Just recently, Kaspersky was also a contributor to INTERPOL’s joint action with AFRIPOL, which last year became the company’s official partner in fostering a more cybersafe climate across Africa. This partnership focuses on sharing Kaspersky’s extensive data on local cyberthreats and cybercrime trends in the region.
The operation was delivered through INTERPOL’s African Joint Operation against Cybercrime (AFJOC), an initiative funded by the UK’s Foreign, Commonwealth & Development Office.
Be the first to comment