Kaspersky has contributed to INTERPOL’s Africa Cyber Surge Operation (ACSO) by sharing data, comprising of indicators of compromise (IoCs) on various cyber threats and types of cybercriminal activity targeting African countries. This evidence provided the grounds for a series of operational and investigative activities against the threat actors behind the cybercrimes and their malicious infrastructure.
“The Africa Cyber Surge Operation, launched in July 2022, has brought together law enforcement officials from 27 countries, working together for almost four months on actionable intelligence provided by INTERPOL private partners. This intelligence focused on opportunities to prevent, detect, investigate and disrupt cybercrime through coordinated LE activities utilising INTERPOL platforms, tools, and channels.
This operation focused both on cyber criminals and compromised network infrastructure in Africa, allowing member countries to identify more than 1,000 malicious IP addresses, Dark Web Markets, and individual threat actors, enhancing cooperation between INTERPOL, AFRIPOL and the member countries, and contributing to connecting policing for a safer world,” said Craig Jones, Director Cybercrime Directorate.
The threat intelligence data was shared with INTERPOL as part of the agency’s long-standing Gateway project, which encourages the partnership between law enforcement and private industry players to accumulate threat data from multiple sources enabling police authorities to prevent attacks.
Based on the information shared by Kaspersky together with the rest of Gateway project partners, 28 cyber activity reports were drafted. They highlighted a range of threats targeting the African continent and outlined recommended actions to be taken by the national authorities, paving the way for the ACSO.
The ACSO was initiated by INTERPOL’s Cybercrime Directorate and INTERPOL Support Program for the African Union (ISPA) and was carried out in collaboration with the AFRIPOL police agency and the African member countries. The operation was coupled with a cyber investigation training event which was held from July 18 to August 5, 2022, in Rwanda.
Kaspersky supported INTERPOL’s operation by helping the agency to identify the malicious infrastructure hosted within African countries with the view to future takedown actions by the responsible bodies. The information shared by the company was gathered with the help of Kaspersky’s Threat Research, Security Services, and Global Research and Analysis Team (GReAT) analysts. It included:
- IoCs on phishing, malware and botnet campaigns
- Ransomware C&C servers’ IP addresses
- IP addresses linked to the malicious infrastructure within the African continent
- IP addresses, from which phishing and spam emails were sent out
- List of scam and phishing websites
The ASCO course identified unsophisticated cybercriminals and infrastructure compromised as part of their criminal activities. As a result, cyberattack enablers, including malware-hosting or distribution servers, phishing websites and compromised IP addresses were taken down and cleaned.
“Kaspersky has always seen international cooperation as a key element of the effective fight against borderless cybercrime and has been working closely with its partners, including INTERPOL, to disrupt malicious activities of threat actors worldwide. We are happy to be a part of INTERPOL’s ACSO and, together with other participants, help African countries tackle the cybercrime threat. The successful operation boosts the role of collaborative efforts in combating cyber offences and achieving greater cybersecurity,” commented Genie Gan, the Head of Public Affairs and Government Relations for Asia Pacific & Middle East, Turkey and Africa at Kaspersky.
In 2019, Kaspersky and INTERPOL signed a five-year cooperation agreement, under which the company committed to providing human resources support, training, and threat intelligence data on the latest cybercriminal activities to the law enforcement agency. Since the document was signed, the two parties have been further advancing the cooperation by jointly preventing cybercrime and raising awareness on acute cyber threats through collaboration in the cybersecurity industry.