Group-IB Strengthens INTERPOL’s Operation Ramz, Aiding First Major Cybercrime Takedown in MENA Region
Dubai, UAE: Group-IB, a prominent developer of predictive cybersecurity technologies, has announced its pivotal role in INTERPOL-coordinated Operation Ramz. This operation marks a significant milestone as the first large-scale cybercrime initiative in the Middle East and North Africa (MENA) region. Running from October 2025 to February 2026, the operation focused on dismantling phishing infrastructure, malware threats, and cyber scams that have caused substantial financial and personal harm to individuals and organizations throughout the region.
Operation Overview and Outcomes
The operation involved collaboration among 13 countries in the MENA region, resulting in the arrest of 201 individuals, with an additional 382 suspects identified. Investigators uncovered 3,867 victims and seized 53 servers, while disseminating nearly 8,000 actionable intelligence pieces among participating nations to bolster ongoing investigations.
Group-IB played a crucial role by providing actionable intelligence on over 5,000 compromised accounts, including those linked to government infrastructure. This intelligence offered investigators a comprehensive understanding of the extent of credential compromise in the region. Furthermore, Group-IB’s analysts mapped active phishing infrastructure across MENA, identifying two distinct clusters of threat actors: those creating and distributing phishing resources and others involved in the sale and distribution of leaked data. This adversary-centric approach significantly enhanced the operation’s overall effectiveness.
Regional Criminal Schemes Uncovered
Operation Ramz revealed a variety of criminal schemes across the region. In Qatar, investigators discovered compromised devices belonging to individuals who were unaware that their systems were being exploited to propagate malicious threats. These systems were promptly secured, and the owners were informed to take preventive measures.
In Jordan, authorities dismantled a financial fraud operation that impersonated a legitimate trading platform. The investigation uncovered that the 15 individuals involved in the scams were victims of human trafficking, having been lured from their home countries in Asia with false promises of employment. Upon arrival in Jordan, their passports were confiscated, and they were coerced into committing fraud. Two individuals suspected of orchestrating the operation were arrested.
In Oman, investigators identified a server located in a private residence that contained sensitive information. Despite the owner having legitimate access, the server exhibited multiple critical security vulnerabilities, including an active malware infection, leading to its deactivation to prevent further harm. In Algeria, a phishing-as-a-service website was taken down, resulting in the detention of one suspect and the seizure of hardware containing phishing software and scripts. In Morocco, authorities confiscated computers and external drives containing banking data and phishing tools, leading to judicial proceedings against three individuals.
Insights from Group-IB and INTERPOL
Dmitry Volkov, CEO of Group-IB, emphasized the alarming rise in phishing and scam infrastructure targeting financial platforms, government services, and individual victims in the MENA region. He noted that Operation Ramz exemplifies the power of coordinated, intelligence-led action, made possible by the deep, regionally relevant threat intelligence provided by Group-IB’s Digital Crime Resistance Centers (DCRCs). Volkov reaffirmed the company’s commitment to supporting international efforts aimed at dismantling cybercriminal ecosystems and enhancing cyber resilience.
Neal Jetton, Director of Cybercrime at INTERPOL, remarked on the effectiveness of global collaboration in combating cybercrime. He stated that Operation Ramz illustrates INTERPOL’s dedication to working with member countries and private sector partners to dismantle malicious infrastructure, disrupt criminal groups, and ensure justice for perpetrators.
Group-IB’s Role in Cybercrime Prevention
Group-IB has established long-standing partnerships with international law enforcement organizations, including INTERPOL, Europol, and AFRIPOL. These collaborations enable the provision of threat intelligence and investigative support for global cybercrime investigations. Through its extensive network of Digital Crime Resistance Centers (DCRCs), Group-IB leverages regional expertise and predictive threat intelligence capabilities to transform technical indicators into actionable intelligence, supporting coordinated efforts to disrupt cybercrime worldwide.
As cybercrime continues to evolve in complexity and scale, the importance of public-private collaboration becomes increasingly evident. Such partnerships are essential for identifying emerging threats, disrupting criminal infrastructure, and fortifying cyber resilience across the MENA region and beyond.
Participating Countries
The operation involved the participation of several countries, including Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE.
About Group-IB
Founded in 2003, Group-IB is a leading creator of cybersecurity technologies designed to investigate, prevent, and combat digital crime on a global scale. Headquartered in Singapore, the company operates Digital Crime Resistance Centers across the Americas, Europe, the Middle East and Africa, Central Asia, and the Asia-Pacific. Group-IB analyzes and neutralizes regional and country-specific cyber threats through its Unified Risk Platform, offering industry-leading solutions in Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection, and External Attack Surface Management. The company serves various sectors, including government, retail, healthcare, gaming, and finance. Group-IB collaborates with international law enforcement agencies to enhance global cybersecurity and has received accolades from advisory firms such as Datos Insights, Gartner, Forrester, Frost & Sullivan, and KuppingerCole.
For further details, visit Group-IB or connect on LinkedIn, X, Facebook, and Instagram.
Discover our podcasts to hear from leading voices on Masked Actors and Fraud Intel, where top cybersecurity experts share real-world experiences, emerging trends, and practical insights to help you stay one step ahead in the fight against cybercrime.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
Source: www.zawya.com
