What defined African infosec in 2025?
And what to look out for in 2026. Part 2: Exploitation, influence, and security
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Part Two: Exploitation, influence, and security
Part One examined how access to the internet expanded, fractured, and came under strain across Africa in 2025. Part Two looks at what followed once that access existed. As connectivity spread, it became a new terrain of political competition, manipulation, and control.
From election interference and AI-driven disinformation to digital repression, cybercrime, and the growing role of both state and non-state actors, 2025 demonstrated how the internet itself has become a contested space. This part examines how those vulnerabilities were exploited, who stood to gain, and how power increasingly shifted through networks, platforms, and data.
Electoral disinformation
Electoral disinformation emerged as one of the most destabilising forces in African politics in 2025, undermining public trust and political stability. In Cameroon and the Ivory Coast, coordinated false narratives circulated on social media, amplified by supporters of both ruling and opposition parties. In Cameroon, these campaigns deepened public scepticism towards the integrity of the voting process, compounding concerns rooted in disinformation-linked controversies from previous election cycles. In general, the intentional use of falsehoods aims to manipulate beliefs, deepen societal divisions, and undermine public confidence in democratic institutions and the electoral management bodies (EMBs) themselves.
The October 2025 election in the Ivory Coast was a focal point for coordinated, multi-platform disinformation campaigns, with particular concern over external destabilisation efforts, including links to Burkina Faso. In May 2025, widely amplified false claims alleged that a military coup was underway in the Ivory Coast. These narratives spread rapidly across TikTok, Facebook, X, and YouTube, driven in part by self-identified pan-Africanist influencers, including a prominent pro-government activist in Burkina Faso with a large TikTok following. Emerging from a diplomatic rift between the two countries, the campaigns aimed to erode confidence in Ivorian institutions, delegitimise political leadership, and advance anti-Western narratives in a country with close ties to France.
Across the continent, 2025 marked the normalisation and increasing sophistication of disinformation as a tool of political contestation, alongside the growing weaponisation of Generative Artificial Intelligence (GenAI). With at least 18 African countries scheduled to hold elections between 2025 and 2026, the threat of scalable, high-quality deepfakes, including fabricated audio and video impersonating candidates, has emerged as a central electoral security risk. These dynamics have accelerated the spread of false narratives and overwhelmed citizens’ ability to distinguish authentic information from manipulated content. Foreign-sponsored campaigns, frequently linked to Russia, China, and Gulf states, continued to dominate external influence operations, often exploiting local grievances and employing paid local influencers to disseminate content via social media and private messaging platforms.
A major shift since 2024 has been the transition of AI-enhanced disinformation from a largely theoretical threat to a routinely deployed tool in African elections. Although the anticipated “AI-pocalypse” of 2024 proved less immediately disruptive than feared, 2025 saw a marked increase in the volume, quality, and persuasiveness of AI-generated content, raising expectations of more potent campaigns in future electoral cycles. At the same time, regional coordination has strengthened, with bodies such as the ECOWAS Network of Electoral Commissions (ECONEC) hosting workshops in 2025 to develop collective responses and improve institutional resilience against digital electoral interference.
Looking ahead to 2026, regulatory and technological countermeasures are expected to intensify in response to escalating GenAI-driven disinformation threats. More African states are anticipated to ratify the African Union’s Malabo Convention or adopt national legislation targeting AI-enabled manipulation and online political interference. Increased investment is also expected in AI detection and fact-checking tools tailored to African languages and cultural contexts, which remain underrepresented in current systems trained primarily on Western datasets. Over the longer term, emphasis is likely to shift from reactive debunking toward proactive citizen resilience, including expanded digital and media literacy programs, particularly for youth, as a cornerstone of safeguarding electoral integrity.
Digital repression
In 2025, several African governments adopted sophisticated digital repression techniques that went beyond traditional internet shutdowns, moving toward more nuanced and technologically advanced forms of control. Kenya notably deployed tech-facilitated violence to suppress prolonged Gen Z-led protests between 2024 and July 2025, including coordinated online attacks, state-aligned troll campaigns, and targeted disinformation such as the #ToxicActivists campaign aimed at discrediting human rights defenders. Young women activists were specifically targeted with misogynistic attacks, doxxing, and AI-generated pornographic images. Meanwhile, Nigeria continued leveraging overbroad cybercrime laws, including the amended 2024 Cybercrimes Act, to jail journalists and critics under the guise of national security.
A continental shift toward AI-powered digital repression emerged in 2025, with governments deploying sophisticated surveillance and information manipulation tools. AI-enabled systems from foreign firms (China, France, Israel) allowed real-time monitoring, facial recognition, and intrusive tracking of citizens’ communications and movements. Generative AI and Large Language Models (LLMs) were increasingly used to mass-produce pro-government messages, simulate public support, and drown out dissent, as seen in Rwanda. The deployment of biometric digital ID systems in over a dozen countries raised further concerns, as centralised databases could be misused for surveillance and political persecution.
In response, multi-stakeholder discussions intensified in 2025, particularly at forums like the Forum on Internet Freedom in Africa (FIFAfrica25) in Namibia. Civil society and digital rights advocates emphasised the need for AI-specific legislation, including mandatory human rights impact assessments and independent governance bodies to audit state AI systems. Organisations like Paradigm Initiative are building citizen resilience through digital security toolkits, such as Ayeta, and reporting platforms like Ripoti, enabling real-time documentation of violations. The international community is being called upon to regulate the export and supply of invasive digital tools to regimes with poor human rights records.
The primary shift since 2024 has been the move from blunt, widespread measures, such as total internet shutdowns (21 incidents in 2024), to targeted, AI-enabled repression aimed at individuals or narratives rather than entire populations. This evolution makes repression less visible, more difficult to document, and harder to challenge.
Looking ahead to 2026, the fight against digital repression is expected to increasingly enter the legal domain, with more judicial challenges filed against overbroad surveillance and cybercrime laws, leveraging precedents like the ECOWAS Court of Justice rulings on arbitrary internet shutdowns. There is also an anticipated push for localised, language-specific digital literacy programs to counter AI-generated content tailored to exploit cultural and linguistic contexts.
Cybercrime laws/regulations
In 2025, several African countries enacted new cybercrime laws or significantly updated existing frameworks in response to the escalating sophistication and financial impact of transnational cyber threats, including ransomware, business email compromise (BEC), and AI-driven scams. Zambia passed the Cyber Security Act 3 of 2025 (CSA) and the Cyber Crimes Act 4 of 2025 (CCA), replacing its 2021 legislation and establishing clearer definitions of cybercrime offences, including illegal data acquisition and child protection. Kenya enacted the Computer Misuse and Cybercrimes (Amendments) Act, 2025, in October, expanding the authority of the National Computer and Cybercrime Co-ordination Committee (NC4) and increasing penalties, although several provisions were suspended by the High Court pending constitutional review. In Botswana, the Data Protection Act, 2024, which commenced in January 2025, entered into force alongside the existing.
Despite broad recognition of cybercrime’s transnational nature, harmonisation of cybercrime legislation across Africa remains uneven. The African Union’s Malabo Convention, which entered into force in 2023, has been ratified by less than one-third of AU member states, limiting its effectiveness as a unified continental framework. This fragmented adoption continues to constrain coordinated enforcement and cross-border legal cooperation.
African priorities and leadership played a significant role in shaping the United Nations Convention against Cybercrime, which opened for signature in October 2025. The UN Convention places strong emphasis on international cooperation, capacity building, and technical assistance, aligning closely with African states’ needs and presenting an alternative pathway for coordinated global engagement that may offset the limited uptake of the Malabo Convention.
Throughout 2025, debates around cybercrime regulation increasingly focused on the tension between national security objectives and the protection of fundamental rights, particularly privacy and freedom of expression. In Kenya, civil society groups warned that the 2025 amendments contained overbroad provisions capable of criminalising legitimate online speech, echoing concerns in Nigeria and Tanzania, where cybercrime laws have been used to suppress dissent. Surveillance powers remained a major flashpoint, notably Nigeria’s 2024 amendment, which continued to generate controversy in 2025 for allowing communications interception in “urgent” cases without prior judicial oversight. Governments have defended these measures as necessary to combat cyber-enabled terrorism and large-scale financial fraud.
The most significant shift since 2024 has been the pivot toward the UN Convention against Cybercrime, signalling reduced confidence in the Malabo Convention as the primary harmonisation mechanism. Regionally, governments have moved toward stricter private-sector obligations, exemplified by Nigeria’s 2024 amendment, which mandates 72-hour cyber-threat reporting by financial institutions and introduces an electronic transaction levy to fund the National Cyber Security Fund. Looking ahead to 2026, the African Union and bodies such as AFRIPOL are expected to promote model laws and standardised definitions aligned with the UN Convention, alongside a rise in judicial challenges to overbroad cybercrime provisions, as demonstrated by the suspension of clauses in Kenya’s 2025 Act.
Threat actors
In 2025, Africa’s cyber landscape was dominated by sophisticated state-sponsored actors alongside highly organised transnational cybercrime syndicates. Prominent APT groups linked to China, Russia, and Iran expanded their operational footprint across the continent. Chinese-linked cyber espionage campaigns, such as Sharp Dragon, infiltrated African government institutions to exfiltrate sensitive data and maintain long-term access, often leveraging tools like Cobalt Strike. Iranian and Russian-affiliated groups targeted ministries, communications bodies, and critical infrastructure to gather intelligence, disrupt services, and secure lasting network access, establishing Africa as a strategic battleground in global cyber operations.
A major shift in 2025 was the widespread integration of Artificial Intelligence by state and criminal actors, fundamentally altering cyberattack methods. Generative AI automated and scaled phishing campaigns, producing context-aware lure messages in multiple African languages with click-through rates up to 4.5 times higher than traditional methods. Organised crime shifted from classic ransomware to data-leak extortion, with groups like RansomHub and Qilin stealing sensitive information from healthcare and government sectors before threatening public exposure. Identity-based intrusions exploiting credentials and misconfigured cloud environments also increased, making identity the new security perimeter.
Continental conversations emphasised the urgent need for real-time, cross-border collaboration, as cybercrime transcends national jurisdictions. Mechanisms for intelligence sharing between African states and global partners such as INTERPOL are critical to overcoming slow, opaque processes. Initiatives like Operation Serengeti 2.0, coordinated by INTERPOL and AFRIPOL, highlighted the value of collaboration between law enforcement, industry experts, and civil society to dismantle cybercriminal networks. Legislative harmonisation was also emphasised to streamline digital evidence requests, essential for prosecuting transnational groups such as the West African-origin Black Axe syndicate driving multi-million-dollar BEC fraud.
Since 2024, Africa has shifted from a peripheral target to a central battleground for global cyber espionage, reflecting its growing geopolitical relevance and rapid digital expansion. The integration of AI into attack strategies has allowed unprecedented scale, precision, and deception in both state-sponsored and criminal campaigns. Financially motivated groups have increasingly combined data exfiltration with identity-led intrusions, reflecting a multi-vector approach that challenges traditional security defences.
Looking ahead to 2026, AFRIPOL and the African Union Peace and Security Council (PSC) are expected to institutionalise dynamic, continuously updated risk mapping tools to provide early warnings and facilitate coordinated responses to transnational cybercrime and terrorism. The continent’s digital resilience strategy is projected to adopt a prevention-first security model, leveraging AI-powered defences to anticipate and block threats proactively, rather than reacting post-breach, to safeguard African economies and digital trust.
Financial breaches
In 2025, Africa’s financial sector faced a significant surge in cyber-attacks, driven by rapid digitisation and the increasing sophistication of transnational criminal networks. While specific breaches of major Deposit Money Banks (DMBs) were often confidential, high-impact attacks targeted the broader supply chain and fintech ecosystem. Notably, Kenya’s digital health wallet M-Tiba suffered a breach compromising 2.15 terabytes of data, and South African credit bureaus faced cyber extortion impacting customer data linked to Absa, FNB, and TymeBank. Nigeria exemplified the “high-impact, low-volume” trend, with bank fraud losses surging by over 600% in Q1 2025, even as incident volumes rose only marginally.
A defining trend in 2025 was the weaponisation of Generative AI (GenAI), which dramatically scaled phishing and fraud campaigns. Financially motivated threat actors leveraged AI to automate sophisticated Business Email Compromise (BEC) scams, generating deepfake content and context-aware messages, with BEC responsible for 21% of successful breaches across the continent. This AI-enabled efficiency facilitated identity-led fraud, prioritising account takeover and insider collusion, while the convergence of digital and physical crime, such as coercing victims to drain mobile banking apps, exploited Africa’s mobile-first banking systems.
Central banks and regulators intensified discussions on coordinated security frameworks. Institutions are now required to integrate cyber risk management at the board level, submit annual self-assessments, and adopt risk-based security frameworks. Cross-border collaboration remains a key concern: 86% of African member countries reported inadequate capacity for transnational cooperation, allowing syndicates like Black Axe to operate across jurisdictions with relative impunity.
Since 2024, the sector has moved from volume-based, opportunistic attacks to AI-enabled, high-precision cyber fraud. The rise of Generative AI has forced financial institutions to pivot from mere compliance to resilience-focused strategies, reflected in the fact that 85% of African banks now consider AI integral to their five-year security roadmap. This evolution highlights the continent’s need to integrate advanced cyber defences in line with its growing digital finance ecosystem.
Looking ahead to 2026, two major trends are expected to shape Africa’s financial cybersecurity landscape. First, regulators will likely introduce stricter third-party risk management frameworks to secure the financial supply chain, addressing vulnerabilities revealed in 2025. Second, high mobile-based fraud rates will drive the development and mandatory adoption of mobile-centric security protocols, complemented by public education campaigns to protect millions of users relying on smartphones for financial services.
Crypto and security
The year 2025 marked a decisive shift in African crypto governance, moving from cautious prohibition to pragmatic regulation centred on national security and financial integrity. South Africa led the continent, with the FSCA licensing over 200 Crypto Asset Service Providers (CASPs) and the FIC enforcing strict AML/CTF rules. South Africa also implemented the Financial Action Task Force (FATF) Travel Rule in May 2025 to mandate information sharing between CASPs for significant transactions. Ghana introduced regulation of Virtual Asset Service Providers (VASPs) via a new law effective September 2025, while Kenya passed the Virtual Asset Service Providers Bill, designating the Central Bank of Kenya as the main regulator.
Regulation of emerging technologies like Decentralised Autonomous Organisations (DAOs) remains nascent but is trending toward hybrid compliance models. African regulators are exploring the integration of on-chain KYC and decentralised identity solutions within smart contracts to balance decentralisation with regulatory safeguards. These measures aim to prevent illicit finance through unregulated digital channels while enforcing AML/CTF compliance in the formal VASP sector.
Discussions on crypto misuse and national security involve financial intelligence units, law enforcement, and blockchain analysis firms. Forums such as the ADDO Symposium in Cape Town emphasised enhanced cross-border cooperation, investigative capabilities, and the implementation of FATF standards to trace ransomware, money laundering, and terrorist financing activity.
The most significant change since 2024 is the shift toward formal licensing and prudential regulation of VASPs, notably South Africa’s mass licensing and Ghana and Kenya’s new VASP laws. This regulatory clarity has spurred institutional interest in African crypto markets by reducing illicit activity risks.
Looking ahead to 2026, regulation of stablecoins is expected to intensify, with clear standards for issuance, reserves, and redemption. Additionally, taxation frameworks for crypto transactions will be enforced, requiring CASPs to share relevant data with tax authorities to integrate digital assets into the formal financial system.
In Part 3, we examine how the continent is asserting digital sovereignty and policy.