Detectives from the Directorate of Criminal Investigations (DCI) have arrested three Nigerian nationals in connection with a suspected cyber fraud syndicate operating from a rented apartment in Mwea, Kirinyaga County. The raid, which took place on the evening of Wednesday, November 12, 2025, led to the recovery of a significant cache of electronic devices allegedly used to defraud Kenyans.

In a statement released on Wednesday, the DCI confirmed the arrests and identified the suspects as Peter Chukwujekwu, Alazor Chukulute Sunday, and Nnalue Chiagozie Samwel. The operation was launched by a multi-agency team after residents of Mwaliko Estate raised an alarm over suspicious late-night activities at the apartment.

Upon raiding the premises, detectives discovered an array of equipment believed to be the tools of the syndicate's trade: 21 mobile phones, 79 SIM cards, a Dell laptop, and numerous credit cards from various banks. According to the DCI, preliminary investigations indicate that the three suspects are in the country illegally, as their entry passes have expired and they do not possess valid work permits. The suspects claimed to be running an online business, a claim investigators are treating with skepticism given the evidence recovered.

The Anatomy of a Growing Threat

The Mwea arrests underscore the persistent and evolving challenge of cybercrime in Kenya, a nation that has rapidly embraced digital finance. Syndicates, both local and international, increasingly exploit vulnerabilities in the country's digital infrastructure, with devastating financial consequences for individuals and businesses. According to a 2024 report from the Communications Authority of Kenya (CA), the country lost approximately KSh 10.71 billion ($83 million) to cybercrime in 2023. Between April and June 2024 alone, the national cybersecurity centre detected 1.1 billion cyber threat events, a 16.5% increase from the previous quarter.

The methods employed by such syndicates are varied and sophisticated. They often involve social engineering, where fraudsters manipulate victims into divulging personal information. A common tactic is SIM swap fraud, where criminals use stolen personal data to convince mobile service providers to transfer a victim's phone number to a new SIM card. Once in control of the number, they can intercept one-time passwords (OTPs) required for accessing mobile banking and M-Pesa accounts, subsequently draining funds.

Legal and Regional Dimensions

The suspects face serious charges under Kenya's Computer Misuse and Cybercrimes Act of 2018. This legislation criminalizes activities such as unauthorized access to computer systems, data espionage, and online fraud, with penalties including substantial fines and lengthy prison sentences. An amendment to the act in October 2025 introduced even tougher penalties, with fines of up to KSh 20 million and jail terms of up to ten years for offenses like cyber harassment.

The transnational nature of the Mwea syndicate highlights the need for robust cross-border cooperation. Kenyan authorities have repeatedly called for enhanced collaboration with international partners to combat organized crime. In October 2025, officials from Kenya's Financial Reporting Centre (FRC) met with Nigeria's Economic and Financial Crimes Commission (EFCC) to understudy their frameworks for combating money laundering and terrorism financing, signaling a move towards closer partnership. Such collaborations are critical, as criminal networks often redistribute illicit funds across multiple jurisdictions to evade capture.

The DCI has stated that the three suspects are in custody as investigations continue to trace possible links to broader cross-border cybercrime networks. Their arraignment in court is pending as detectives work to unravel the full extent of the syndicate's operations and identify potential victims and collaborators.