Multinational Cyber Investigation Disrupts Thousands of Illicit Networks

Operation Africa Cyber Surge II spanned 25 African countries, led to the arrest of 14 suspected cybercriminals, and identified 20,674 suspicious cyber networks linked to financial losses of more than $40 million USD.

INTERPOL and AFRIPOL coordinated the four-month operation, which began April 2023, and they focused on identifying cybercriminals and compromised infrastructure, according to an INTERPOL announcement.

“The operation sought to facilitate communication, provide analysis, and share intelligence between countries, streamlining cooperation between African law enforcement agencies to prevent, mitigate, investigate, and disrupt cyber extorsion, phishing, business email compromise, and online scams,” Interpol explained. “By leveraging actionable private sector intelligence, it underlined how cybersecurity is most effective when international law enforcement, national authorities, and private sector partners cooperate to share best practices and proactively combat cybercrime.”

Private sector reports supporting the operation included intelligence on 3,786 malicious command-and-control servers, 14,134 victim IP addresses linked to data theft cases, 1,415 phishing links and domains, 939 scam IPs, and more than 400 other malicious URLs, IPs, and botnets.

The investigation uncovered multiple fraud operations with cyber components, including fraudulent art sales and money mule operations. In Cameron, three suspects were arrested in relation to an online scam involving the fraudulent sale of artwork. Two alleged money mules were arrested in Mauritius. Kenyan authorities took down 615 malware hosters.

“The Africa Cyber Surge II operation has led to the strengthening of cybercrime departments in member countries, as well as the solidification of partnerships with crucial stakeholders, such as computer emergency response teams and Internet Service Providers. This will further contribute to reducing the global impact of cybercrime and protecting communities in the region,” said Jürgen Stock, INTERPOL secretary general, in the press release.

The operation demonstrated the strong link between financial crime and cybercrime, enabling law enforcement agencies to adopt a “follow the money” approach when investigating online crimes, according to the press release.

This approach—and the connection between digital and financial crimes—has proven useful when tracking down criminals who leverage digital currency to try and cover their tracks, as noted in a Security Management report on cryptocurrency today.

Cryptocurrency use isn't anonymous, but it is largely unregulated, making these digital currencies popular financial workarounds for criminal actors seeking to hide ill-gotten gains or confuse investigators. https://t.co/ZUaMxlZCyZ

— Security Management (@SecMgmtMag) August 21, 2023

“U.S. law enforcement agencies have detected an increase in the use of virtual assets to pay for online drugs or to launder the proceeds of drug trafficking, fraud, and cybercrime, including ransomware attacks,” according to the 2022 National Money Laundering Risk Assessment by the U.S. Department of the Treasury.

“It’s an alternative way to pay for traditional acts of crime,” says Celina Realuyo, lecturer at The George Washington University and expert in counterterrorism and threat finance issues in the Americas, in an interview with Security Management.