Operation Sentinel Strikes: Inside Africa’s Largest Cybercrime Dragnet

In the predawn hours across 19 African nations, law enforcement agents moved in - doors kicked down, servers seized, suspects cuffed. These weren’t scenes from a crime thriller, but the real-life climax of Operation Sentinel, a month-long cybercrime offensive led by INTERPOL that has rattled the continent’s digital underworld.

Fast Facts

• 574 suspects arrested in coordinated raids across 19 countries
• Over $3 million in stolen funds recovered from cybercriminals
• 6,000+ malicious links and 4,300+ fraudulent social media accounts dismantled
• Ransomware decryptors developed and 30TB of stolen data recovered in Ghana
• Operation Sentinel follows on the heels of Operation Serengeti 2.0, which netted over 1,200 arrests

From business email compromise (BEC) attacks on oil giants in Senegal to ransomware assaults crippling financial institutions in Ghana, Africa’s digital battleground has grown both lucrative and perilous. INTERPOL’s Operation Sentinel, conducted between October 27 and November 27, 2025, marks one of the largest cybercrime crackdowns in African history, with 574 arrests and thousands of criminal infrastructures dismantled.

One of the operation’s most dramatic moments unfolded in Senegal, where cybercriminals tried to siphon off $7.9 million from a major oil company. Law enforcement, tipped off in time, froze the accounts before the funds could vanish. In Ghana, a ransomware gang encrypted 100 terabytes of sensitive data and stole $120,000 from a financial institution. Not only were the perpetrators arrested, but forensic experts developed a custom decryptor, restoring 30TB of critical data.

But the threat landscape extended far beyond big business. International fraudsters from Ghana and Nigeria lured victims with fake fast-food websites, ultimately stealing over $400,000 from more than 200 unsuspecting customers. In Cameroon, investigators unraveled a car sale scam, quickly freezing the fraudsters’ accounts before they could cash out.

Benin saw one of the operation’s largest sweeps: 106 arrests, 43 malicious domains eliminated, and over 4,300 fraudulent social media accounts shuttered. Across the continent, more than 6,000 malicious links were neutralized, and experts from cybersecurity firms such as Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security joined forces with police to trace ransomware attacks and freeze criminal assets.

The scale of Operation Sentinel is unprecedented, but it’s only the latest in a series of high-stakes crackdowns. Just months earlier, Operation Serengeti 2.0 saw over 1,200 cybercrime suspects arrested and nearly $100 million recovered.

“Cyberattacks in Africa are becoming more widespread and sophisticated, especially against critical sectors like finance and energy,” INTERPOL warned. As the continent’s digital economy booms, so too does its exposure to global cybercrime networks. The message from Sentinel is clear: the fight for Africa’s cyberspace is just beginning - and the stakes have never been higher.

WIKICROOK

• Business Email Compromise (BEC): Business Email Compromise (BEC) is a scam where criminals hack or impersonate business emails to trick companies into sending money to fraudulent accounts.
• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Decryptor: A decryptor is a tool or program that restores access to files encrypted by ransomware, often developed and released by cybersecurity experts.
• Malicious Domain: A malicious domain is a website used by attackers to spread malware, steal data, or conduct scams, often by impersonating trusted sources.
• Digital Forensics: Digital forensics involves collecting and analyzing digital evidence to investigate cybercrimes, support law enforcement, and ensure data integrity in legal cases.