Hawks took down a multi-billion-dollar cybercrime syndicate in Bryanston and Johannesburg’s northern suburbs on Tuesday.
By the time doors were kicked in across Johannesburg’s northern suburbs, the operation had already been years in the making.
The investigation that culminated in yesterday’s coordinated takedown stretched back five years in South Africa, with threads reaching even further across multiple jurisdictions.
A years-long probe largely conducted behind desks
What unfolded on the ground in a matter of hours was the final act of an exceptionally complex, largely unseen process that investigators describe as one of the most demanding cybercrimes probes they have worked on.
Unlike traditional organised crime investigations, this case was never driven primarily by boots on the ground.
Investigators say as much as 95% of the work took place behind desks.
Following the money across borders
Analysts spent years sifting through vast volumes of documentation, tracing company ownership, mapping banking flows and identifying links between accountants, lawyers, properties, vehicles and foreign travel patterns.
At the centre of the investigation was the movement of money.
Funds flowed from victims in foreign countries into a sprawling laundering system that routed transactions through multiple jurisdictions and hundreds, if not thousands, of bank accounts.
ALSO READ: Multi-billion-rand global crime operation taken down in Bryanston
Money rarely moved directly back to South Africa.
Instead, it circulated through a global web before being “cleaned” and returned via front companies and professional intermediaries.
With the decision to move in, planning intensified.
Prosecutors were embedded from early on to ensure the operation had prosecutorial guidance, with search, seizure and arrest warrants drafted in advance.
Meanwhile, operatives were deployed to infiltrate the call centres.
Inside the call centres and the rise through the ranks
According to sources close to the investigation, it was a major intelligence exercise.
“After infiltrating the call centres, we tracked individual agents, their movement through the ranks and their lifestyles, how and what they did and what the internal processes were,” a source told The Citizen.
The source added while income levels of various agents were not completely established, they were measured by the cars they bought.
ALSO READ: Hawks arrest five in R12m construction fraud; four companies implicated
“Usually, a call centre agent would start off buying a medium-range saloon. Soon, a more expensive SUV followed and, top-tier swindlers were buying super cars worth millions.”
That was on top of caviar and champagne lifestyles and impressive personal property portfolios.
Operational blackout and international cooperation
As the investigation progressed, there were months of tightly controlled planning meetings, many held daily, with information shared strictly on a need-to-know basis.
A complete operational blackout was imposed well before the raids to prevent leaks or tip-offs.
Sources said the US Secret Service, the banking industry’s Sabric and Saps Local Criminal Records Centre – forensics, played a critical role.
Investigators stressed this was not a conventional takedown.
It was a precision operation against a syndicate that operated almost entirely through screens and servers – and one that demanded patience, discipline and absolute secrecy to bring to a close.
NOW READ: Major drug lab busts last year expose expanding syndicates to watch out for in 2026
