Kaspersky and Afripol Train African Law Enforcement in Threat Hunting
Cybercrime is becoming more sophisticated and harder to track across borders, and law enforcement agencies across Africa are working to close the skills gap. In a bid to strengthen investigative capability, Kaspersky and Afripol have rolled out cybersecurity training for police and related officials from 23 African countries, teaching them how to run security operations and hunt for threats more effectively.
As part of a joint initiative, around 40 officers took part in a programme focused on security operations and threat hunting, delivered between November 2025 and March 2026. The training forms part of a cooperation agreement between the two organisations, signed in 2024, and aims to build practical cyber response skills among participating countries.
The course is designed around the realities of modern digital crime. Officers are not only taught theory, but also guided through the day-to-day work that underpins effective defence, including detection, investigation, and the use of threat intelligence to understand attacker behaviour.
Focus keyword: Kaspersky Afripol training
A core part of the Kaspersky Afripol training programme centres on strengthening Security Operations Centre (SOC) capabilities. Participants focused on what SOC analysts do in real environments: monitoring systems, identifying suspicious indicators, and escalating incidents when malicious activity is confirmed.
The learning also covered how threat hunting is carried out when attacks are not immediately obvious. Instead of waiting for alerts, officers were trained to actively look for signs of intrusion, persistence, and compromise—especially in environments commonly targeted by cybercriminals.
According to programme details, training content included guidance on identifying malicious activity across Windows and Linux systems. That matters because many cyber threats rely on tactics that work across different operating platforms, and investigators often need confidence in both ecosystems when collecting evidence or building case narratives.
Participants also worked through attacker behaviour using Tactics, Techniques and Procedures (TTPs). In practice, this helps officers understand how threat actors operate, what they tend to use, and how specific steps in an attack chain can show up during investigations.
Another key element was the use of threat intelligence. Officers were taught how intelligence can support investigations by providing context—such as what threats are currently active, how known adversary patterns look in logs, and what indicators may help connect separate events into a single incident.
To make sure the training translated into real-world understanding, the programme included structured learning formats and expert engagement. Beyond the course material, participants took part in online Q&A sessions, which gave them a direct line to experts and course authors from Kaspersky’s security services team.
During these sessions, officers could ask questions on complex topics, discuss practical scenarios, and get clarifications that are often difficult to capture in a purely self-paced format. Organisers say this helped strengthen retention and ensured attendees walked away with a deeper grasp of cybersecurity investigation concepts.
Both organisations stress that cybercrime can’t be tackled by one side alone. Cyberthreats cross borders, evolve quickly, and frequently involve techniques that require specialised knowledge. That is why collaboration between the private cybersecurity sector and law enforcement bodies is often seen as essential.
In remarks about the initiative, Yuliya Shlychkova, vice president of public affairs at Kaspersky, said cybercrime is “highly sophisticated, borderless and constantly evolving.” She added that cooperation and knowledge sharing between industry and law enforcement are critical to disrupting cybercrime effectively.
Shlychkova also pointed to the long-term nature of Kaspersky and Afripol’s partnership. She said the organisations have worked together to better understand the cyberthreat landscape across Africa and support international efforts to counter criminal activity online.
Mohammed Benaired, head of training and capacity building at Afripol, echoed the need to keep law enforcement capabilities current. He said strengthening agencies is essential as cybercrime becomes more complex across the continent, and that programmes like this provide practical skills for investigating incidents and analysing digital evidence.
Benaired further highlighted the value of working with private cybersecurity partners, noting that it helps police teams stay informed about new threat trends and evolving investigative approaches. He described the collaboration as an opportunity to enhance the response capabilities of Afripol’s member countries.
The Kaspersky Afripol partnership also extends beyond this training cycle. In 2024, the two organisations signed a cooperation agreement aimed at preventing and fighting cybercrime. The framework, set to run for five years, is meant to formalise collaboration through assistance and know-how, including sharing threat intelligence data and improving information security analysis.
Kaspersky Expert Training, the company’s training platform referenced in connection with the programme, has been used across institutions globally. Kaspersky experts have trained more than 3,000 specialists from 50 countries, with education content that covers areas such as reverse engineering, threat hunting, incident response, and more, broken down by experience level.
For Afripol, the broader mission is tied to improving operational coordination among African Union member states. Afripol is described as a police cooperation body supporting efforts to counter transnational organised crime, terrorism, and cybercrime—especially when threats cross borders and require joint responses.
As the training programme reaches participating officers across the continent, the message is clear: building investigative capacity is becoming as important as detection tools. With Kaspersky Afripol training aimed directly at SOC activity, threat hunting, and incident investigation, participating countries are taking a practical step toward stronger cyber defence and more effective enforcement against digital criminals.