Asian cybercrime syndicates expand to Africa

also ft all of Meta's regulatory problem

and

May 03, 2025

Hi there, this week we’re having a “we told you so” moment following UNODC report detailing how Southeast Asian pig butchering syndicates are foraying into Africa in response to crackdowns.

More below.

— Olatunji

HIGHLIGHTS

Pig butchering syndicates move across the world, especially Africa

We, and everyone with a nose in international cybercrime, have long speculated that Southeast Asian syndicates were foraying into new territories, especially Africa. The headlines had been there for a while now, but a new report by the United Nations Office on Drugs and Crime (UNODC) finally cements this speculation. According to the UNODC, the expansion has followed a collective crackdown on cybercrime across the region. Asian-led scam centers are popping up at alarming rates in Africa, South Asia, the Middle East, and select Pacific islands, along with accompanying money laundering facilities, human trafficking, and shady recruitment services discovered everywhere, including the Global North.

For Africa, this translates to several critical threats, one of the most key being that it feeds an increased volume and sophistication of cybercrime. Asian cybercrime networks run an advanced knowledge, tool, and service market, as opposed to African networks who have functioned more on social trust and word-of-mouth. While many African countries already with domestic cybercrime, the influx of these syndicates bring industrial-scale operations specializing in devastatingly effective scams that integrate and iterate much faster than most law enforcements are used to. Asian syndicates were among the first globally to leverage advanced technologies like AI, deepfakes, and sophisticated money laundering networks.

The UNODC report suggests these syndicates actively seek out jurisdictions with weaker regulatory frameworks, less robust law enforcement capacity, and gaps in cybersecurity infrastructure. Several African nations fit this profile, making them attractive targets not just for victimizing locals but for establishing operational hubs to target global victims. It also compounds on existing issues like human trafficking, corruption, and money laundering.

Traditionally, the motivation for most of Africa’s cybercrime has been financial. Asian syndicates are known to pursue a broader basket including gang violence and sociopolitical interests. Beyond economic devastations, there’s a more than modest chance that it will interfere in already delicate political situations across the continent.

Some of the most affected countries listed by the report include Nigeria, Zambia, Angola, Libya, Namibia, and Kenya.

The most effective way to fight crime like this would be through enhanced international and regional cooperation. It might also present a new foe for Interpol’s African Joint Operation Against Cybercrime. It’s likely that policies such as the Budapest Convention and the UN Convention against Transnational Organized Crime will play key parts in this future.

Africa’s largest telecoms network suffers a data breach

You’ve probably seen this one everywhere; MTN, arguably Africa’s largest telecom company, confirmed a data breach on the 24th of April. In proper African fashion, there are a lot of crucial details we still do not know. MTN did not disclose exactly how many people or countries have been affected. They’ve also not stated the motivations of the threat actors or what exactly their response actions have consisted of.

The breach, as disclosed by MTN, essentially was unauthorized access to consumer data. Actors did not gain access to the companies’ systems, and MTN said it has since notified regulators in all concerned countries. Contrary to most claims, MTN said Nigeria was unaffected by this breach. Though they did not mention who specifically was affected, speculation points especially towards South Africa and Ghana, where MTN is reported to have informed the police and is under investigation for possibilities of having violating data protection laws, respectively.

While this breach might seem like just a violation of data protection, history has shown that data breaches often lead to direct attacks with economic repercussions down the line. An example is in South Africa, where data stolen during a data breach years ago was used to apply for false social benefits, as reported earlier this year. With the recent drive to connect SIM cards to central national identities, which are also connected to financial services, there’s an assumption that the quality of data breach is high enough to have even worse repercussions socioeconomically. Threat actors can also easily leverage social engineering to access customers’ mobile money accounts, whose use has increased across the continent.

Africa's cybersecurity readiness remains low in many regions due to limited legislation, outdated infrastructure, and a shortage of skilled professionals. Attacks like this expose shaky consumer trust, which is vital for digital economies to flourish. There’s also an underdevelopment of geopolitical significance. As we’ve mentioned in too many issues, African countries are increasingly becoming targets for cybercrime due to less rigid security frameworks and a high rate of digitization.

Recounting all of Meta’s regulatory woes in Africa

Last week, A Nigerian tribunal upheld the $220 million fine on Meta, then asked the tech company to pay an additional $35,000 as investigation costs, then the Guardian reported that the tech company was facing a lawsuit on the impact of extreme content on contract moderators in the country. In February, South African authorities ordered an investigation into alleged anti-competition behavior, not unlike the FTC lawsuit it is also facing in the U.S. In Ethiopia, it also faces a $1.8 billion lawsuit over hate speech and violence.

In past issues, we’ve covered the push and pull of Meta’s regulatory problem in Africa, but not in context of a global crackdown. It’s pretty simple, tech platforms have grown more powerful, yet more irresponsible. It’s so big a problem that is essentially philosophical.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

Following the Nigerian Securities and Exchange Commission’s (SEC) classification of certain cryptocurrencies and tokens as securities, these digital assets are now recognized for everyday transactions. Concerns stem from the often-opaque validation processes, the high potential for fraud, and the reality that many crypto projects are created and managed by anonymous developers or decentralized communities with no physical presence in Nigeria. Read further

Meta is facing its second lawsuit in Africa over the psychological harm experienced by content moderators tasked with removing highly disturbing content—including depictions of murder, extreme violence, and child sexual abuse. Read here.
Meta may be forced to permanently shut down Facebook and Instagram services in Nigeria due to mounting legal challenges, according to recent court documents. The company faces fines totaling over $290 million (£218 million) imposed by three Nigerian oversight agencies for alleged violations of various laws and regulations. Read here.
AFRINIC, the African Network Information Centre, has set July 3, 2025, as the date for its long-awaited board elections, marking a key step toward restoring stability after years of internal disputes, legal battles, and financial troubles. Read here.

HEADLINES

ACROSS THE WORLD

OPPORTUNITIES

Cybersecurity Summit Financial Services 2025

A guest post by

Olatunji Alameen

Data Analyst. A researcher and word builder.