Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025.
The coordinated effort “aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses,” INTERPOL said, adding it focused on targeted mobile banking, investment, and messaging app scams.
The cyber-enabled scams involved more than 5,000 victims. The countries that participated in the operation include Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo, and Zambia.
“The success of Operation Red Card demonstrates the power of international cooperation in combating cybercrime, which knows no borders and can have devastating effects on individuals and communities,” Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, said.
“The recovery of significant assets and devices, as well as the arrest of key suspects, sends a strong message to cybercriminals that their activities will not go unpunished.”
As part of the crackdown, Nigerian police arrested 130 people, including 113 foreign nationals, for their alleged involvement in online casino and investment fraud. Some of the individuals working in scam centers are said to be victims of human trafficking, and forced into carrying out illegal schemes.
Another notable operation involved the arrest of 40 people by South African authorities and the seizure of more than 1,000 SIM cards that were used for large-scale SMS phishing attacks.
Elsewhere, Zambian officials apprehended 14 suspected members of a criminal syndicate that hacked into victims’ phones and gained unauthorized access to their banking apps by installing malware via SMS phishing links. Group-IB said the malware enabled bad actors to also gain control over messaging applications, allowing them to propagate the fraudulent link to others.
Russian cybersecurity vendor Kaspersky noted that it shared with INTERPOL its analysis of a malicious Android application that targeted users in African countries along with information on related infrastructure.
Also arrested were 45 members of a criminal network by Rwandan authorities for their involvement in social engineering scams that defrauded victims of more than $305,000 in 2024. Of the stolen funds, $103,043 has been recovered and 292 devices seized.
“Their tactics included posing as telecommunications employees and claiming fake ‘jackpot’ wins to extract sensitive information and gain access to victims’ mobile banking accounts,” INTERPOL said. “Another method involved impersonating an injured family member to ask relatives for financial assistance towards hospital bills.”
News of the arrests comes weeks after INTERPOL announced a partnership with the African Development Bank Group to better combat corruption, financial crime, cyber-enabled fraud, and money laundering in the region.
Earlier this month, the Royal Thai Police and the Singapore Police Force arrested an individual responsible for more than 90 instances of data leaks worldwide, including 65 in the Asia-Pacific (APAC) region. The threat actor first emerged publicly on December 4, 2020, operating under the aliases ALTDOS, mystic251, DESORDEN, GHOSTR, and 0mid16B.
The attacks involved the use of SQL injection tools, such as SQLmap, to gain access to sensitive data, followed by deploying Cobalt Strike Beacons to maintain persistent control over compromised hosts.
“He targeted internet-facing Windows servers, specifically searching for databases that contained personal information,” Group-IB said in a report detailing the threat actor’s modus operandi. “After compromising these servers, he exfiltrated the victim’s data and, in some cases, encrypted it on the compromised servers.”
The end goal of these attacks was financial gain, pressurizing victims into either paying a ransom or risking public exposure of their confidential data. Several entities from Bangladesh, Canada, India, Indonesia, Malaysia, Pakistan, Singapore, Thailand, and the U.S. had their data leaked on dark web forums like CryptBB, RaidForums, and BreachForums.
“One persistent detail across all four of his aliases was his method of publishing stolen data screenshots,” Group-IB researchers noted. “Regardless of his rebranding, he consistently uploaded images directly from the same device, revealing a key operational fingerprint.”
The development also follows the arrest of nearly a dozen Chinese nationals who have been accused of perpetrating a new type of tap-to-pay fraud that involves using stolen credit card information to purchase gift cards and launder funds.
