Trend Micro, INTERPOL root out African cybercrime

Trend Micro's tight collaboration with INTERPOL on the organisation's Africa Cyber Surge II operation has resulted in the identification of criminal syndicates.

Through the joint efforts of security firm Trend Micro and INTERPOL, more than 20,000 suspicious cybercrime networks spanning 25 African countries have been identified.

Trend Micro revealed yesterday that its tight collaboration with INTERPOL on the organisation's Africa Cyber Surge II operation has resulted in the identification of criminal syndicates.

Following a successful campaign to combat cybercrime on the continent last year, the policing alliance announced a four-month follow-up, starting in April 2023.

According to Trend Micro, law enforcement officers from 25 countries took part in the exercise, which was organised by the INTERPOL Africa Cybercrime Operations Desk and the INTERPOL Support Programme for the African Union.

Police made 14 arrests and discovered more than 20,674 suspicious cybercrime networks, linked to over $40 million in losses.

Trend Micro was able to share with alliance partners information on 3,786 malicious command-and-control servers, 4,134 victim IPs associated with data stealer instances, 1,415 phishing links and domains, 939 scam IPs, and over 400 other malicious URLs, IPs, and botnets.

Furthermore, according to the cyber security firm, the information it supplied to investigators provides insights into current patterns in the African threat landscape.

Trend Micro said its team uncovered malicious infrastructure comprising 1,500 IP addresses.

“These were located mainly in South Africa (57%), Egypt (14%), the Seychelles (5%), Algeria (5%) and Nigeria (4%). These IPs were linked to notorious malware families including Quakbot and Emotet, which are key enablers of ransomware and other threats,” said the company.

It further revealed that in the first quarter of 2023, about 200,000 detections of malicious traffic were linked to scams (44%), malware (25%), phishing (17%), and command-and-control servers (13%). Many of them, according to Trend Micro, were supported by bulletproof hosting providers in the Seychelles (140,000 detections) and South Africa (56,000).

Furthermore, the organisation claims to have discovered information concerning well-known offshore bulletproof hosters, such as 1337team Limited (48%), Petersburg Internet Network Ltd (19%), and Flokinet Ltd (13%).

In addition, Trend Micro discovered information on the ELITETEAM bulletproof hoster situated in the Seychelles, which the company linked to threat activities including Redline Stealer, Agent Tesla, Azorult Stealer, and Raccoon Stealer, as well as generic ransomware and backdoors.

Emmanuel Tzingakis, Technical Lead, African Cluster at Trend Micro, said: “There is often a misconception around how threat actors are not present on the continent. But it would be a mistake to underestimate cybercriminals in Africa.

“In fact, it’s become critical for organisations in both the public and private sectors to work together to fight against the growing onslaught of malicious online activity.

“The African Surge operation is a testament to what can be achieved when cybersecurity vendors and law enforcers work together to disrupt cybercrime networks.”