Authorities in Angola dismantled 25 illegal cryptocurrency mining centers operated by 60 Chinese nationals, which were siphoning electricity from the national grid. The operation drained critical power resources, destabilizing supply for vulnerable regions. Seized equipment including mining rigs and illicit power stations was valued at $37 million. The stolen electricity not only caused financial losses but also disrupted essential services, risking blackouts in key areas. The government plans to repurpose confiscated hardware to restore grid stability, but the incident exposed systemic vulnerabilities in Angola’s energy infrastructure, leaving it susceptible to further exploitation by cybercriminals. The attack indirectly threatened economic stability by straining public utilities and diverting resources from legitimate power distribution. While no direct data breach occurred, the operation’s scale and reliance on stolen state resources classify it as a cyber-enabled attack with broader infrastructural and financial repercussions.
Source: https://therecord.media/africa-interpol-cybercrime-crackdown
TPRM report: https://www.rankiteo.com/company/edf-international-networks
"id": "edf521082225",
"linkid": "edf-international-networks",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '88,000+',
'industry': 'Multiple (Finance, E-Commerce, General '
'Public)',
'location': 'Worldwide (88,000+ victims)',
'name': 'Victims of Cybercrime (Global)',
'type': 'Individuals/Businesses'},
{'industry': 'Energy',
'location': 'Angola',
'name': 'Angola Power Grid',
'type': 'Critical Infrastructure'},
{'customers_affected': '65,000',
'industry': 'Finance',
'location': 'Zambia',
'name': 'Zambia Cryptocurrency Investors',
'type': 'Individuals'},
{'industry': 'Finance',
'location': 'Nigeria',
'name': 'Nigeria Financial Sector',
'type': 'Institutions/Individuals'}],
'attack_vector': ['Phishing (BEC)',
'Fake Cryptocurrency Platforms',
'Ransomware Deployment',
'Exploitation of Weak Cybersecurity Standards',
'Coercive Scam Centers'],
'customer_advisories': ['Public Warnings on Fake Cryptocurrency Platforms '
'(Zambia)',
'Guidance on Identifying Business Email Compromise '
'Scams'],
'data_breach': {'personally_identifiable_information': 'Potential (forged '
'passports suggest PII '
'risk)'},
'date_publicly_disclosed': '2024-09-13',
'description': 'Authorities across Africa dismantled large-scale cybercrime '
'and fraud networks, arresting over 1,200 suspects involved in '
'ransomware attacks, online scams, and business email '
'compromise schemes. The operation, dubbed Serengeti 2.0, ran '
'from June to August 2024 and recovered nearly $97.4 million '
'stolen from over 88,000 victims worldwide. Key actions '
'included shutting down illegal cryptocurrency mining centers '
'in Angola, disrupting a $300 million investment fraud scheme '
'in Zambia, and seizing forged passports linked to human '
'trafficking. Interpol highlighted weak cybersecurity '
'standards in Africa as a major vulnerability, with West '
'Africa emerging as a hotspot for cybercrime compounds.',
'impact': {'brand_reputation_impact': ['Erosion of Trust in African '
'Financial/E-Commerce Sectors',
'Negative Perception of Cryptocurrency '
'Platforms'],
'customer_complaints': '88,000+ victims globally; 65,000 victims '
'in Zambia',
'financial_loss': '$97.4 million (recovered); $300 million (Zambia '
'scam); $37 million (Angola mining equipment)',
'identity_theft_risk': 'High (forged passports from 7 countries '
'seized)',
'legal_liabilities': ['Arrests of 1,200+ suspects',
'Prison Sentences for 9 Chinese Nationals '
'(Nigeria)',
'Potential Extradition or Legal Actions for '
'Transnational Crime'],
'operational_impact': ['Disruption of Illegal Mining Operations '
'(Angola)',
'Shutdown of Fraudulent Domains (Zambia)',
'Seizure of Forged Passports (Lusaka)'],
'payment_information_risk': 'High (bank accounts and mobile '
'numbers linked to scams seized)',
'revenue_loss': '$300 million (Zambia victims)',
'systems_affected': ['Cryptocurrency Platforms (Zambia)',
'Power Grid (Angola)',
'Banking and Government Institutions (General '
'Vulnerability)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (forged passports '
'and PII may be traded)',
'entry_point': ['Phishing Emails (BEC)',
'Fake Cryptocurrency Websites '
'(Zambia)',
'Exploitation of Weak Power Grid '
'Security (Angola)'],
'high_value_targets': ['Cryptocurrency Investors '
'(Zambia)',
'Power Grid Infrastructure '
'(Angola)',
'Financial Institutions '
'(Nigeria)']},
'investigation_status': 'Ongoing (Post-Operation Analysis; China-Nigeria '
'Working Group Proposed)',
'lessons_learned': ['Rapid technological growth in Africa outpaces '
'cybersecurity defenses, creating vulnerabilities.',
'Transnational collaboration (e.g., Interpol, local '
'authorities) is critical for dismantling large-scale '
'cybercrime networks.',
'Cryptocurrency and financial sectors are prime targets '
'due to weak oversight.',
'Coercive scam centers (similar to Southeast Asia) are '
'emerging in West Africa.',
'Illegal resource exploitation (e.g., power grid mining) '
'can have broader infrastructure impacts.'],
'motivation': ['Financial Gain',
'Exploitation of Vulnerable Populations (Scams, Trafficking)',
'Resource Theft (Power Grid, Cryptocurrency)'],
'post_incident_analysis': {'corrective_actions': ['Interpol-Led Multi-Country '
'Operations (e.g., '
'Serengeti 2.0)',
'Legal Prosecutions and '
'Asset Seizures',
'Proposals for Bilateral '
'Working Groups '
'(China-Nigeria)',
'Repurposing Confiscated '
'Assets for Public Use '
'(Angola)'],
'root_causes': ['Weak Cybersecurity Standards in '
'African Financial/Government '
'Sectors',
'Lack of Regulatory Oversight for '
'Cryptocurrency Operations',
'Transnational Crime Collaboration '
'(Local-foreign Syndicates)',
'Exploitation of Economic '
'Vulnerabilities (e.g., Power '
'Theft, Scam Victims)']},
'recommendations': ['Strengthen cybersecurity standards for banks, government '
'institutions, and critical infrastructure.',
'Enhance cross-border law enforcement cooperation to '
'combat transnational cybercrime.',
'Regulate cryptocurrency platforms to prevent fraud and '
'illegal mining.',
'Implement public awareness campaigns on online scams and '
'investment fraud.',
'Monitor and disrupt coercive scam centers in West '
'Africa.',
'Repurpose seized assets (e.g., mining equipment) for '
'public good (e.g., power distribution).'],
'references': [{'date_accessed': '2024-09-13',
'source': 'Interpol Press Release'},
{'source': 'Angola Government Statement on Cryptocurrency '
'Mining Raids'},
{'source': 'Zambia Police Report on Investment Fraud Scheme'},
{'source': "Nigeria Court Ruling on Chinese Nationals' "
'Sentencing'}],
'regulatory_compliance': {'legal_actions': ['Arrests and Prosecutions (1,200+ '
'suspects)',
'Prison Sentences (9 Chinese '
'Nationals in Nigeria)',
'Asset Seizures (Equipment, '
'Domains, Bank Accounts)'],
'regulations_violated': ['Local Cybercrime Laws '
'(Angola, Zambia, Nigeria)',
'Financial Fraud '
'Regulations',
'Human Trafficking and '
'Forgery Laws (Zambia)',
'Illegal Cryptocurrency '
'Mining (Angola)'],
'regulatory_notifications': 'Interpol Public '
'Advisory (August 2024 '
'on West Africa '
'Cybercrime)'},
'response': {'communication_strategy': 'Public Disclosure by Interpol '
'(September 13, 2024)',
'containment_measures': ['Shutdown of 25 Illegal Cryptocurrency '
'Mining Centers (Angola)',
'Seizure of Mining/IT Equipment ($37M)',
'Disruption of Fraudulent Domains '
'(Zambia)',
'Arrest of 1,200+ Suspects',
'Confiscation of Forged Passports '
'(Lusaka)'],
'enhanced_monitoring': 'Interpol Warning on West Africa '
'Cybercrime Hotspot',
'incident_response_plan_activated': 'Yes (Operation Serengeti '
'2.0 by Interpol and African '
'Authorities)',
'law_enforcement_notified': 'Yes (Multi-Country Law Enforcement)',
'recovery_measures': ['Recovery of $97.4M in Stolen Funds',
'Restoration of Power Grid Stability '
'(Angola)'],
'remediation_measures': ['Repurposing Seized Equipment for Power '
'Distribution (Angola)',
'Legal Prosecutions (e.g., 9 Chinese '
'Nationals Sentenced in Nigeria)',
'Proposed China-Nigeria Working Group '
'on Cybercrime'],
'third_party_assistance': 'Interpol Coordination'},
'stakeholder_advisories': ['Interpol Warning on West Africa Cybercrime '
'Hotspot (August 2024)',
'Angola Government Advisory on Power Grid '
'Exploitation',
'Zambia Financial Regulator Alert on '
'Cryptocurrency Scams'],
'threat_actor': [{'affiliation': 'Transnational Cybercrime Networks',
'name': 'Unnamed Cybercrime Syndicates',
'nationality': ['Chinese (Angola, Nigeria)',
'Local Collaborators (Zambia, Nigeria)'],
'type': 'Organized Crime Groups'},
{'name': 'Chinese Nationals (Angola)',
'nationality': 'Chinese',
'type': 'Illegal Cryptocurrency Mining Operators'},
{'name': 'Scam Operators (Zambia)',
'type': 'Investment Fraud Syndicate'},
{'name': 'Human Trafficking Network (Lusaka, Zambia)',
'type': 'Forgery and Trafficking Ring'},
{'affiliation': 'Recruitment of Local Nigerians',
'name': 'Chinese Nationals (Nigeria)',
'nationality': 'Chinese',
'type': 'Online Fraud Syndicate'}],
'title': 'Dismantling of Large-Scale Cybercrime and Fraud Networks in Africa '
'(Operation Serengeti 2.0)',
'type': ['Cybercrime Network Dismantling',
'Ransomware',
'Online Scams',
'Business Email Compromise (BEC)',
'Cryptocurrency Fraud',
'Human Trafficking',
'Illegal Cryptocurrency Mining'],
'vulnerability_exploited': ['Weak Cybersecurity Standards in Financial and '
'E-Commerce Sectors',
'Lack of Regulatory Oversight in Cryptocurrency '
'Operations',
'Critical Infrastructure Vulnerabilities (e.g., '
'Power Grid Exploitation)']}