Executive Summary
March 2026 in the AFRICOM theater is defined by four converging threat axes: Russia's SVR has assumed control of influence operations across the Sahel through the "Africa Politology" network [5], the AQAP-facilitated Houthi-al-Shabaab convergence is maturing across the CENTCOM-AFRICOM seam with AQAP-developed encrypted communications and Houthi-to-al-Shabaab drone technology transfer [11][12], the DRC conflict has become inseparable from U.S. critical mineral supply chains through a proposed $9 billion acquisition [22], and Sudan's civil war has metastasized into a multi-state proxy conflict involving at least eight external patrons, with drone bases in Egypt and training camps in Ethiopia [25]. Overlaying all of this: African organizations face cyberattack rates 60% above the global average [17], over 200 cases of compromised African corporate access are circulating on underground forums [18], and Iranian APT group Muddy Water is actively targeting the META region [19].
Military and Diplomatic
AFRICOM ran three multinational exercises in the February-March window. Justified Accord 2026 brought 1,500 personnel to Kenya, Tanzania, and Djibouti to validate new technologies in austere environments. Cutlass Express 2026 in Mauritius involved 19 nations and saw the first-ever deployment of a Lightfish Unmanned Surface Vessel from a partner nation's vessel. Planning for Flintlock 2026, involving 30+ nations including Libya, was finalized in Abidjan.
Looking ahead, African Lion 2026 (April 20 to May 8) will introduce an "open-air field lab" across Morocco and Tunisia for testing AI decision-support tools and semiautonomous robotic systems [1][2]. Separately, AFRICOM is evaluating CURTAIN CALL, a counter-UAS swarm system built on commercially available drones and sensors.
On the kinetic side, AFRICOM conducted multiple airstrikes targeting al-Shabaab and ISIS-Somalia in February and March 2026 [3]. A small U.S. contingent arrived in Nigeria on February 3 to provide intelligence fusion and ISR capabilities [7]. According to Nigerian media reporting, Washington has requested permission to establish an MQ-9 drone refueling station in Nigeria, though this has not been confirmed by AFRICOM or official U.S. sources [7]. AFRICOM Commander Gen. Anderson met Saddam Haftar at the Munich Security Conference, signaling expanded engagement with Libya's eastern-based forces [9].
In the Sahel, approximately 1,000 new Africa Corps soldiers are expected in Mali, bringing Russian troop strength to 3,500 [3]. The SVR has taken over Wagner's influence operations through a front called "Africa Politology," employing nearly 100 consultants with a budget of roughly $750,000 per month [5]. Carnegie Endowment assesses Russia has yet to demonstrate it can deliver on even the "relatively low bar" of protecting its partner juntas and their mines [4].
The U.S. imposed sanctions on Rwanda's military and four senior officials on approximately March 2 for direct operational support of M23 in the DRC [20]. Chad closed its border with Sudan on February 23 after cross-border incursions killed five soldiers [24].
Cyber Operations
African organizations averaged 3,153 weekly cyberattacks per organization in early 2026, 60% above the global average [17]. Nigeria stands out at 4,701 attacks per organization per week, a 12% year-over-year increase, with government, financial services, and consumer goods as the most targeted sectors [16].
Group-IB identified more than 200 cases of compromised corporate access tied to MEA organizations for sale on underground forums in 2025 [18]. This means access to African government, defense, and critical infrastructure networks is almost certainly already available for purchase by both state-sponsored and criminal actors.
Iranian-aligned Muddy Water APT is conducting Operation Olalampo, a structured offensive targeting the META region, with TTPs overlapping the separately tracked RedKitten campaign [19]. This indicates coordinated infrastructure across Iranian-aligned actors, and cyber defenders across AFRICOM's area of responsibility should expect targeting of telecommunications, government, and energy sectors.
AQAP has launched a proprietary encrypted messaging application enabling exclusive messaging with al-Shabaab [11]. This represents a meaningful operational security advancement for violent extremist organizations and complicates signals intelligence collection.
Economic and Supply Chain
The DRC offered the rebel-held Rubaya coltan mine, one of the world's richest tantalum deposits, to the U.S. under a minerals cooperation framework. M23 and an estimated 10,000 Rwandan troops control extraction at Rubaya, generating approximately $800,000 per month and moving over 120 tonnes of coltan monthly into Rwanda for laundering and export. Separately, the U.S.-backed Orion Critical Mineral Consortium signed a non-binding MOU with Glencore for a potential acquisition of a 40% stake in DRC's Mutanda Mining and Kamoto Copper Company, in a transaction implying a combined enterprise value of $9 billion [22]. The deal remains subject to due diligence and regulatory approvals.
In Niger, the Patriotic Movement for Freedom and Justice attacked the Djibelilla-Agadem oil field on February 10, destroying three army vehicles and killing at least 24 security personnel [3]. This attack on energy infrastructure in a country with limited SCADA security capacity is a warning signal.
According to one source, China became the largest arms supplier to West Africa between 2020 and 2024, with NORINCO opening a regional office in Dakar and establishing maintenance hubs in Mali and Cote d'Ivoire. These facilities provide physical access to African military hardware and potential vectors for intelligence collection.
Houthi-al-Shabaab Convergence (with Possible ISIS-Somalia Interaction)
- Evidence of collaboration: The October 2025 UN Panel of Experts report confirmed intensifying cooperation between Houthis and al-Shabaab involving weapons smuggling, technical training, and logistical support [12]. Confidential sources told the UN panel that Houthis are training al-Shabaab members in drone technology and sophisticated IED manufacture [12]. AQAP sent more than a dozen al-Shabaab operatives to Yemen for drone warfare training in 2024 and developed a proprietary communications application for exclusive messaging with al-Shabaab [11]. AFRICOM Commander Gen. Anderson publicly acknowledged "the growing connections of the Houthis into that region" [10]. Somali sources detected interactions between Houthis, al-Shabaab, and ISIS-Somalia, though the ISIS-Somalia dimension is less well-documented than the bilateral Houthi-al-Shabaab relationship [12].
- Domains: Military (drone tech transfer, weapons smuggling), cyber/communications (AQAP-developed encrypted messaging app), intelligence (cross-group operational coordination)
- Implications for AFRICOM: This convergence, with possible but less well-documented ISIS-Somalia involvement, exploits the geographic seam between CENTCOM and AFRICOM [11]. Drone technology transfer likely gives al-Shabaab new ISR and strike capabilities, almost certainly including electronic warfare and GPS navigation components based on known Houthi drone systems. The encrypted communications app complicates SIGINT collection. Houthi resumption of Red Sea attacks on February 28 could stretch AFRICOM maritime cyber defense resources simultaneously with Horn of Africa counterterrorism requirements.
- Confidence: Moderate (for bilateral Houthi-al-Shabaab convergence); Moderate (for ISIS-Somalia involvement)
- Sources: [10], [11], [12]
Russia (SVR/Africa Corps) and Sahel Juntas
- Evidence of collaboration: The SVR has taken over Wagner influence operations through "Africa Politology," directing nearly 100 consultants [5]. Russia is deploying 1,000 additional troops to Mali, bringing the total to 3,500 [3]. The SVR provides intelligence about French and U.S. military and political plans in the Sahel to its junta partners and supports creation of a new military-political union among Mali, Burkina Faso, Niger, and Guinea [5]. Despite these efforts, reporting indicates Russia "did not have much to show" for its investment [5], and jihadist groups, particularly JNIM, continue to pressure urban areas including imposing a selective blockade of Bamako [3].
- Domains: Intelligence (SVR directing operations), military (Africa Corps troop deployments), diplomatic (Alliance of Sahel States), information (influence campaigns)
- Implications for AFRICOM: The transition from mercenary-run to SVR-directed operations almost certainly means improved OPSEC and more sophisticated cyber-enabled intelligence collection targeting AFRICOM communications and partner-nation engagements. Russia's ground-level struggles may drive greater reliance on information operations and cyber tools to maintain regime support [4]. The planned Flintlock 2026 exercise in Cote d'Ivoire and Libya operates within this contested information environment.
- Confidence: Moderate
- Sources: [3], [4], [5]
Multi-State Proxy Architecture in Sudan
- Evidence of collaboration: Ethiopia was hosting a UAE-financed secret training camp for 4,300 RSF-aligned fighters near the Grand Ethiopian Renaissance Dam [25]. The UAE has been the RSF's main patron, providing financial, military, and logistical support [25]. The SAF has assembled its own coalition including Egypt, Eritrea, Turkey, Qatar, Iran, and Saudi Arabia [25]. Cairo is hosting a drone base used by the SAF [25]. The conflict has spilled into Chad, which closed its border after cross-border incursions [24].
- Domains: Military (training camps, drone bases, proxy forces), diplomatic (multi-state coalitions on both sides), intelligence (patron-state intelligence sharing), economic (UAE financing)
- Implications for AFRICOM: At least eight external states are actively involved, each bringing different cyber capabilities. Iranian alignment with the SAF coalition [25] and Muddy Water's separate active targeting of the META region [19] raise the possibility that Iranian cyber operations could parallel kinetic support, though no direct evidence of coordination between these activities exists in current reporting. The UAE-Ethiopia training camp near the GERD creates a convergence point where water security, critical infrastructure protection, and intelligence interests collide. Satellite communications links supporting Egyptian and Turkish drone operations for the SAF represent intercept and disruption targets for adversaries.
- Confidence: Moderate (multi-source but relies heavily on a single Al Jazeera opinion piece [25] and anonymous sources for the most significant claims about training camps and drone bases)
- Sources: [19], [23], [24], [25]
China's Hardware Penetration of West Africa
- Evidence of collaboration: According to one source, China became the largest arms supplier to West Africa between 2020 and 2024, though this claim could not be independently verified against SIPRI data. NORINCO opened a regional office in Dakar and has been establishing maintenance hubs in Mali and Cote d'Ivoire.
- Domains: Military (arms supply), economic (maintenance contracts), technology (embedded electronic systems)
- Implications for AFRICOM: Chinese-manufactured military electronics, communications equipment, and sensor systems in West African partner-nation militaries likely contain firmware and components that could be exploited for intelligence collection. Maintenance hubs provide persistent physical access. This is particularly relevant as Flintlock 2026 will operate in Cote d'Ivoire, where NORINCO is establishing a facility.
- Confidence: Moderate
- Sources:,
Operational Implications
- AFRICOM's technology pivot creates new attack surface: The simultaneous introduction of AI decision-support tools [1][2], semiautonomous robotic systems [1], counter-UAS swarm technology using COTS components, and unmanned surface vessels across multiple exercises dramatically expands the digital attack surface. Adversaries will likely attempt to collect on or disrupt these experimental systems during the African Lion field lab testing phase.
- SVR takeover demands upgraded communications security: The SVR's assumption of Africa influence operations [5] means AFRICOM communications in the Sahel theater face collection by a professional state intelligence service rather than a mercenary outfit. Flintlock 2026 in Cote d'Ivoire and Libya is almost certainly a priority target for SVR signals intelligence given the SVR's documented mandate to collect on U.S. and French military plans in the Sahel [5].
- Nigerian ISR data sharing is a high-value target: U.S. intelligence fusion operations and ISR data flows with Nigerian forces [7] occur in the country with the highest cyberattack rate on the continent (4,701 per organization weekly) [16]. Over 200 compromised MEA corporate access credentials are already on underground forums [18]. Any MQ-9 refueling station infrastructure would inherit this threat environment.
- Critical mineral supply chain traceability is vulnerable: The Rubaya coltan operation under M23/Rwandan control feeds laundered minerals into global supply chains, while the proposed $9 billion Orion-Glencore transaction [22] makes DRC mining operations a top-tier target for economic espionage by Chinese and Russian actors seeking to maintain mineral supply chain dominance.
- Maritime cyber posture needs reinforcement: Houthi resumption of Red Sea attack threats [13], shipping company re-routing decisions [14], and the deployment of new networked maritime platforms require heightened monitoring of GPS spoofing, AIS manipulation, and maritime communications security across the Bab el-Mandeb and Western Indian Ocean.
Sources: [1], [2], [5], [7], [13], [14], [16], [18], [22]
Outlook
April's African Lion 2026 field lab (April 20 to May 8) [1][2] and Flintlock 2026 across Cote d'Ivoire and Libya will be the highest-value intelligence collection targets for adversaries this quarter. We assess the Houthi decision to resume or restrain Red Sea attacks [13] will be the primary escalation variable across the CENTCOM-AFRICOM seam. In the DRC, the interaction between U.S. sanctions on Rwanda [20], the proposed $9 billion mineral transaction [22], and M23's continued territorial control [21] creates conditions where any party could escalate to disrupt the others' equities, with cyber operations as a likely asymmetric tool.
Sources: [1], [2], [13], [20], [21], [22]
Red Sheep Assessment
Assessment (Moderate confidence): The sources collectively indicate that AFRICOM's accelerating technology adoption (AI, autonomous systems, COTS-based counter-UAS, unmanned maritime platforms) is outpacing the security frameworks needed to protect those systems, particularly when deployed in partner-nation environments where baseline cyber threat levels are 60% above global averages. The command appears to be testing these systems in the same theaters where SVR-directed intelligence operations [5], Chinese military hardware with maintenance access, and Iranian APT campaigns [19] are active. This creates a situation where AFRICOM's technology "field lab" approach [2] could inadvertently provide adversaries with live-fire observation of U.S. experimental capabilities.
A contrarian read on the SVR takeover of Africa operations: despite the framing as an escalation, Russia's $750,000/month influence budget [5] is modest by state intelligence standards, and Carnegie's assessment that Russia has little to show for its efforts [4] suggests the SVR may be inheriting a failing mission rather than upgrading it. The real threat may not be SVR competence in Africa, but rather that SVR personnel rotating through African postings gain operational experience that transfers to other, higher-priority theaters.
Finally, the 200+ compromised African corporate access credentials on underground forums [18] deserve more attention than they are receiving. These are not future threats. They represent access that has already been achieved and is being monetized. For any AFRICOM partner-nation engagement, defenders should assume the partner's network is compromised until proven otherwise.
Defender's Checklist
- [ ] Hunt for Muddy Water IOCs across AFRICOM-adjacent networks: Pull the latest Muddy Water/Operation Olalampo indicators from Halcyon reporting [19] and cross-reference with CISA advisories, Microsoft Threat Intelligence, and Mandiant reporting on Muddy Water TTPs, including RedKitten overlaps. Focus on telecommunications, government, and energy sector partners. Prioritize detection of PowerShell-based loaders and tunneling tools associated with Iranian APT tradecraft.
- [ ] Audit credential exposure for AFRICOM partner organizations: Query underground forum monitoring platforms (Recorded Future, Flashpoint, Group-IB) for the 200+ compromised MEA corporate access listings [18]. Cross-reference with any organizations involved in upcoming exercises (African Lion, Flintlock) or ISR sharing partnerships.
- [ ] Harden maritime C2 and USV communications: Ahead of operational deployment of Lightfish USVs and similar platforms, review wireless command-and-control link encryption, implement GPS spoofing detection on maritime platforms, and test AIS data integrity monitoring for vessels operating in the Western Indian Ocean.
- [ ] Review COTS component supply chain for CURTAIN CALL and exercise systems: Map commercially available drone and sensor components being integrated into the CURTAIN CALL counter-UAS system and AI field lab systems [2]. Check firmware versions against known vulnerability databases and verify component provenance, particularly for any hardware sourced from or transiting through countries with Chinese maintenance hubs.
- [ ] Implement enhanced monitoring on Nigerian and partner-nation data exchange channels: Given Nigeria's 4,701 weekly attacks per organization [16] and the new intelligence fusion relationship [7], enforce zero-trust architecture on all ISR data sharing links. Deploy additional DLP controls on any classified or sensitive data flows to Nigerian counterparts.
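One way to start on the AIS data integrity and GPS spoofing monitoring named in the maritime checklist item above, as an added example that is not part of the original brief. The report field names, the constructed MMSI and track near the Bab el-Mandeb, and the 50-knot and 5-knot thresholds are assumptions to tune per fleet.

```python
import math

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_PLAUSIBLE_KNOTS = 50.0   # assumed speed ceiling for a surface vessel
SOG_TOLERANCE_KNOTS = 5.0    # assumed allowed gap between reported and implied speed

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two positions, in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def check_track(reports, max_knots=MAX_PLAUSIBLE_KNOTS, sog_tol=SOG_TOLERANCE_KNOTS):
    """Scan AIS position reports in arrival order and return findings.

    Each report is a dict with mmsi, ts (epoch seconds), lat, lon, sog (knots).
    Each finding is a tuple (mmsi, ts, code).
    """
    findings = []
    trusted = {}  # last accepted report per MMSI
    for r in reports:
        if not (-90 <= r["lat"] <= 90 and -180 <= r["lon"] <= 180):
            findings.append((r["mmsi"], r["ts"], "position_out_of_range"))
            continue
        prev = trusted.get(r["mmsi"])
        if prev is not None:
            dt = r["ts"] - prev["ts"]
            if dt <= 0:
                # Replayed or reordered message: do not trust it as a new fix.
                findings.append((r["mmsi"], r["ts"], "timestamp_regression"))
                continue
            dist = haversine_nm(prev["lat"], prev["lon"], r["lat"], r["lon"])
            implied = dist / (dt / 3600.0)
            if implied > max_knots:
                # Keep the last trusted fix so a return to the real track is not flagged.
                findings.append((r["mmsi"], r["ts"], "position_jump"))
                continue
            if abs(implied - r["sog"]) > sog_tol:
                findings.append((r["mmsi"], r["ts"], "sog_mismatch"))
        trusted[r["mmsi"]] = r
    return findings

# Constructed sample track (not real vessel data); MMSI is a placeholder.
SAMPLE_REPORTS = [
    {"mmsi": 999000001, "ts": 0,    "lat": 12.600, "lon": 43.300, "sog": 12.0},
    {"mmsi": 999000001, "ts": 600,  "lat": 12.633, "lon": 43.300, "sog": 12.0},
    {"mmsi": 999000001, "ts": 1200, "lat": 13.600, "lon": 43.300, "sog": 12.0},  # ~58 nm in 10 min
    {"mmsi": 999000001, "ts": 1800, "lat": 12.700, "lon": 43.300, "sog": 12.0},
    {"mmsi": 999000001, "ts": 1500, "lat": 12.690, "lon": 43.300, "sog": 12.0},  # older timestamp
    {"mmsi": 999000001, "ts": 2400, "lat": 12.700, "lon": 43.300, "sog": 15.0},  # stationary, claims 15 kn
]

if __name__ == "__main__":
    for mmsi, ts, code in check_track(SAMPLE_REPORTS):
        print(f"MMSI {mmsi} t={ts}s: {code}")
```

Findings from a check like this are leads for correlation with radar or other independent position sources, not proof of spoofing on their own.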
Sources
- [1] "AFRICOM seeks 'lifelike' robots for realistic training" - Military Africa, https://www.military.africa/2026/03/africom-seeks-lifelike-robots-for-realistic-training/
- [2] "US and Morocco Gear Up for AI-Driven Military Exercises in Africa" - The Defense Post, https://thedefensepost.com/2026/01/12/us-morocco-ai-exercises/
- [3] "DRC Offensive Kills M23 Leader; Russia Reinforces Sahel: Africa File, February 26, 2026" - Critical Threats, https://www.criticalthreats.org/analysis/drc-fardc-m23-russia-wagner-mali-burkina-niger-rsf-chad-sudan-fgs-somalia-ghana-aes-ecowas-africa-file-february-26-2026
- [4] "Russia in Africa: Examining Moscow's Influence and Its Limits" - Carnegie Endowment for International Peace, https://carnegieendowment.org/russia-eurasia/research/2026/02/russia-role-west-southern-africa-junta-wagner-africa-corps
- [5] "Investigation: Russian spy agency takes over Wagner operations in Africa" - Africanews, https://www.africanews.com/2026/02/21/investigation-russian-spy-agency-takes-over-wagner-operations-in-africa/
- [6] "The African troops dying in Putin's war against Ukraine" - Martin Plaut, https://martinplaut.com/2026/03/02/the-african-troops-dying-in-putins-war-against-ukraine/
- [7] "Nigeria-U.S. security talks deepen as AFRICOM engagement signals a new phase" - Businessday NG, https://businessday.ng/insight-2/article/nigeria-u-s-security-talks-deepen-as-africom-engagement-signals-a-new-phase/
- [8] "AFRICOM expands counterterrorism push as US pursues converged security and economic agenda" - Capital FM, https://www.capitalfm.co.ke/news/2026/02/africom-africa-security-partnerships-2026/
- [9] "Saddam Haftar meets with AFRICOM commander on the sidelines of Munich Security Conference 2026" - Libya Update, https://libyaupdate.com/saddam-haftar-meets-with-africom-commander-on-the-sidelines-of-munich-security-conference-2026/
- [10] "U.S. Africa Command prioritizes technology as 'an enabler of African-led security'" - DefenseScoop, https://defensescoop.com/2026/01/29/us-africa-command-gen-dagvin-anderson-technology-african-security/
- [11] "Disrupting the Houthi-al Shabaab Alliance" - JINSA, https://jinsa.org/disrupting-the-houthi-al-shabaab-alliance/
- [12] "U.N. Report Shows Increasing Collaboration of Houthis, al-Shabaab" - Africa Defense Forum, https://adf-magazine.com/2025/11/u-n-report-shows-increasing-collaboration-of-houthis-al-shabaab/
- [13] "Houthis" - Wikipedia, https://en.wikipedia.org/wiki/Houthis
- [14] "Red Sea Corridor Slips Back Into Crisis as Houthi Threats Resurface" - gCaptain, https://gcaptain.com/red-sea-corridor-slips-back-into-crisis-as-houthi-threats-resurface/
- [15] "Security Council, Adopting Resolution 2812 (2026), Extends Reporting on Houthi Attacks in Red Sea for Six Months" - UN, https://press.un.org/en/2026/sc16274.doc.htm
- [16] "Global Cyber Attacks Rise in January 2026" - Check Point Research, https://blog.checkpoint.com/research/global-cyber-attacks-rise-in-january-2026-amid-increasing-ransomware-activity-and-expanding-genai-risks
- [17] "Africa Confronts Expanding Cyber Threats Amid Digital Acceleration" - Security MEA, https://securitymea.com/2026/02/23/africa-confronts-expanding-cyber-threats-amid-digital-acceleration/
- [18] "Supply Chain Attacks Dominate 2026 Cyber Threat Landscape, Group-IB Report Reveals" - Gulf News, https://gulfnews.com/technology/supply-chain-attacks-emerge-as-top-global-cyber-threat-in-2026-1.500456194
- [19] "Iranian Use of Cybercriminal Tactics in Destructive Cyber Attacks: 2026 Updates" - Halcyon, https://www.halcyon.ai/ransomware-alerts/iranian-use-of-cybercriminal-tactics-in-destructive-cyber-attacks-2026-updates
- [20] "US sanctions Rwandan army and top officials for supporting M23 in DRC" - Al Jazeera, https://www.aljazeera.com/news/2026/3/3/us-sanctions-rwandan-army-and-top-officials-for-supporting-m23-in-drc
- [21] "Congo War Security Review, March 11, 2026" - Critical Threats, https://www.criticalthreats.org/briefs/congo-war-security-review
- [22] "Critical minerals: Who benefits from the US push?" - openDemocracy, https://www.opendemocracy.net/en/us-critical-minerals-tech-boom-ai-africa-who-benefits/
- [23] "As attacks intensify in Kordofan, fighting once again threatens Sudan's capital" - Peoples Dispatch, https://peoplesdispatch.org/2026/02/03/as-attacks-intensify-in-kordofan-fighting-once-again-threatens-sudans-capital/
- [24] "Chad shuts border with Sudan after cross-border incursion kills soldiers" - Al Jazeera, https://www.aljazeera.com/news/2026/2/23/chad-shuts-border-with-sudan-after-clashes-from-conflict-kills-five-troops
- [25] "Sudan's devastating war rages on as regional rivalries deepen" - Al Jazeera (Opinion), https://www.aljazeera.com/opinions/2026/3/11/sudans-devastating-war-rages-on-as-regional-rivalries-deepen