Regulation enforcement authorities in seven African international locations have arrested 306 suspects and confiscated 1,842 gadgets as a part of a world operation codenamed Crimson Card that occurred between November 2024 and February 2025.
The coordinated effort “goals to disrupt and dismantle cross-border felony networks which trigger important hurt to people and companies,” INTERPOL said, including it centered on focused cell banking, funding, and messaging app scams.
The cyber-enabled scams concerned greater than 5,000 victims. The international locations that participated within the operation embody Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo, and Zambia.
“The success of Operation Crimson Card demonstrates the facility of worldwide cooperation in combating cybercrime, which is aware of no borders and may have devastating results on people and communities,” Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, stated.
“The restoration of serious belongings and gadgets, in addition to the arrest of key suspects, sends a robust message to cybercriminals that their actions is not going to go unpunished.”
As a part of the crackdown, Nigerian police arrested 130 folks, together with 113 overseas nationals, for his or her alleged involvement in on-line on line casino and funding fraud. A number of the people working in rip-off facilities are stated to be victims of human trafficking, and compelled into finishing up unlawful schemes.
One other notable operation concerned the arrest of 40 folks by South African authorities and the seizure of greater than 1,000 SIM playing cards that have been used for large-scale SMS phishing assaults.
Elsewhere, Zambian officers apprehended 14 suspected members of a felony syndicate that hacked into victims’ telephones and gained unauthorized entry to their banking apps by putting in malware through SMS phishing hyperlinks. Group-IB said the malware enabled unhealthy actors to additionally achieve management over messaging functions, permitting them to propagate the fraudulent hyperlink to others.
Russian cybersecurity vendor Kaspersky noted that it shared with INTERPOL its evaluation of a malicious Android software that focused customers in African international locations together with info on associated infrastructure.
Additionally arrested have been 45 members of a felony community by Rwandan authorities for his or her involvement in social engineering scams that defrauded victims of greater than $305,000 in 2024. Of the stolen funds, $103,043 has been recovered and 292 gadgets seized.
“Their ways included posing as telecommunications staff and claiming faux ‘jackpot’ wins to extract delicate info and achieve entry to victims’ cell banking accounts,” INTERPOL stated. “One other methodology concerned impersonating an injured member of the family to ask kinfolk for monetary help in the direction of hospital payments.”
Information of the arrests comes weeks after INTERPOL announced a partnership with the African Improvement Financial institution Group to higher fight corruption, monetary crime, cyber-enabled fraud, and cash laundering within the area.
Earlier this month, the Royal Thai Police and the Singapore Police Pressure arrested a person chargeable for greater than 90 situations of knowledge leaks worldwide, together with 65 within the Asia-Pacific (APAC) area. The risk actor first emerged publicly on December 4, 2020, working beneath the aliases ALTDOS, mystic251, DESORDEN, GHOSTR, and 0mid16B.
The assaults concerned using SQL injection instruments, comparable to SQLmap, to achieve entry to delicate knowledge, adopted by deploying Cobalt Strike Beacons to keep up persistent management over compromised hosts.
“He focused internet-facing Home windows servers, particularly trying to find databases that contained private info,” Group-IB said in a report detailing the risk actor’s modus operandi. “After compromising these servers, he exfiltrated the sufferer’s knowledge and, in some circumstances, encrypted it on the compromised servers.”
The top aim of those assaults was monetary achieve, pressurizing victims into both paying a ransom or risking public publicity of their confidential knowledge. A number of entities from Bangladesh, Canada, India, Indonesia, Malaysia, Pakistan, Singapore, Thailand, and the U.S. had their knowledge leaked on darkish internet boards like CryptBB, RaidForums, and BreachForums.
“One persistent element throughout all 4 of his aliases was his methodology of publishing stolen knowledge screenshots,” Group-IB researchers famous. “No matter his rebranding, he persistently uploaded photographs instantly from the identical system, revealing a key operational fingerprint.”
The event additionally follows the arrest of almost a dozen Chinese language nationals who’ve been accused of perpetrating a brand new kind of tap-to-pay fraud that entails utilizing stolen bank card info to buy reward playing cards and launder funds.
