INTERPOL Disrupts Major Cybercrime Operation in MENA, Arresting 201 and Identifying 3,867 Victims
A significant cybercrime operation led by INTERPOL has culminated in the arrest of 201 individuals and the identification of 3,867 victims across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, this initiative marks the first large-scale cybercrime crackdown of its kind conducted by INTERPOL in the MENA area, reflecting an urgent response to the escalating threat of cybercrime.
Operation Overview and Timeline
Running from October 2025 to February 28, 2026, Operation Ramz brought together law enforcement agencies from 13 countries, including Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE. The operation aimed to dismantle malicious cyber infrastructures associated with various cyber threats, including phishing, malware campaigns, and online scams. In addition to the arrests, authorities identified 382 additional suspects and seized 53 servers during the operation.
INTERPOL reported that nearly 8,000 intelligence packages and data points were exchanged among participating countries, facilitating investigations and aiding in tracing malicious infrastructures linked to cybercriminal activities. This collaborative effort underscores the growing importance of cross-border cooperation in combating cybercrime networks that frequently operate across multiple jurisdictions.
Neal Jetton emphasized the significance of global collaboration in this context, stating, “In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration.”
Cybercrime Investigations Across MENA
The operation revealed multiple cybercrime schemes tied to phishing, malware distribution, and financial fraud. In Qatar, investigators utilized intelligence gathered during the operation to identify compromised devices that were unknowingly disseminating malicious threats. Authorities secured these infected systems and notified affected users to mitigate further risks.
In Jordan, law enforcement uncovered a fraudulent investment scam masquerading as a legitimate online trading platform. Victims were persuaded to deposit funds before the platform vanished. During a raid, 15 individuals were apprehended; however, it was later determined that these individuals were victims of human trafficking, lured from Asian countries under false job pretenses. Their passports had been confiscated upon arrival, forcing them into cyber fraud operations. Two individuals suspected of orchestrating the scheme were arrested.
In Oman, a server hosted in a private residence was found to contain sensitive information. Though the owner had legitimate access, authorities discovered multiple vulnerabilities and malware infections on the server. Officials disabled the server to mitigate cybersecurity risks.
Algerian authorities dismantled a phishing-as-a-service website during the operation, seizing servers, computers, mobile devices, and hard drives containing phishing scripts and malicious software. One suspect was arrested in connection with these activities. Meanwhile, Moroccan authorities confiscated computers, smartphones, and external hard drives containing banking data and phishing software, with three individuals currently facing judicial proceedings as investigations into other suspects continue.
Private Sector Partnerships in Operation Ramz
Operation Ramz received support from various cybersecurity and threat intelligence organizations, including Team Cymru, Kaspersky, Group-IB, the Shadowserver Foundation, and TrendAI. These organizations collaborated with INTERPOL to provide threat intelligence, internet visibility, and technical support to identify malicious servers and track illegal cyber activities linked to phishing, malware, and online scam networks.
Joe Sander highlighted the necessity of a coordinated international response to cybercrime, stating, “Cybercrime is borderless, and the only effective response is one that is equally borderless. Operation Ramz is exactly that kind of response.” Team Cymru contributed external threat intelligence and internet-scale telemetry, aiding authorities in mapping cybercriminal infrastructures and generating operational leads during the investigations.
Rising Focus on MENA Cybercrime Threats
The success of Operation Ramz reflects an increasing emphasis on cybersecurity cooperation in the MENA region, as phishing attacks, malware campaigns, and financial cyber scams continue to evolve. The operation illustrated how intelligence sharing between governments and cybersecurity firms can expedite the identification of malicious infrastructures, ultimately preventing additional victims.
Operation Ramz received backing from Qatar’s Ministry of Interior and partial funding from the European Union and the Council of Europe under the CyberSouth+ project. This collaborative effort emphasizes the critical need for ongoing partnerships in addressing the complex landscape of cyber threats in the region.
Source: thecyberexpress.com
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
