INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks, Leading to 201 Arrests
In a significant move against cybercrime, INTERPOL has spearheaded a groundbreaking operation across the Middle East and North Africa (MENA), resulting in 201 arrests and the identification of an additional 382 suspects. This initiative, which took place from October 2025 to February 2026, involved collaboration among 13 countries in the region, aiming to dismantle malicious cyber infrastructure and apprehend those responsible for cybercriminal activities.
Operation Overview and Objectives
The operation, codenamed Ramz, was designed to combat the rising threats of phishing, malware, and cyber scams that have inflicted substantial financial losses across the region. According to INTERPOL, the operation successfully neutralized numerous phishing and malware threats, identifying 3,867 victims and seizing 53 servers used in these illicit activities. The collaborative effort underscores the urgency of addressing the escalating cybercrime landscape in MENA.
INTERPOL stated, “The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region.” The scale of the operation reflects a growing recognition of the need for cross-border cooperation in tackling cybercrime, which often transcends national boundaries.
Key Developments and Arrests
One of the notable achievements of Operation Ramz was the disruption of a phishing-as-a-service (PhaaS) operation in Algeria. Authorities confiscated a server, along with a computer, mobile phone, and hard drives containing phishing software and scripts. This operation led to the arrest of one suspect linked to the scheme.
In Morocco, officials seized various electronic devices, including computers and smartphones, which contained banking data and software used for phishing operations. This highlights the diverse methods employed by cybercriminals to exploit unsuspecting individuals and institutions.
In Oman, a legitimate server located in a private residence was discovered to contain sensitive information. This server had multiple critical security vulnerabilities and was infected with malware. INTERPOL took immediate action to disable the server, further illustrating the proactive measures being implemented to combat cyber threats.
Regional Implications and Challenges
The operation also uncovered compromised devices in Qatar, where owners were unaware that their systems were being utilized to propagate “malicious threats.” The exact nature of these threats remains undisclosed, but authorities have secured the affected machines and alerted the owners to take necessary security precautions.
In Jordan, police identified a computer involved in financial fraud scams, where unsuspecting users were lured into investing in a seemingly legitimate trading platform that ultimately shut down after funds were deposited. INTERPOL reported that 15 individuals involved in these scams were victims of human trafficking, having been recruited under false pretenses from their home countries in Asia. Upon arrival in Jordan, their passports were confiscated, and they were coerced into participating in the fraudulent scheme. Two individuals suspected of orchestrating the operation were arrested.
Private Sector Collaboration
The involvement of private sector entities, such as Group-IB, played a crucial role in the operation’s success. Group-IB provided actionable intelligence on over 5,000 compromised accounts, including those linked to government infrastructure, and shared insights about active phishing infrastructure across the region. Joe Sander, CEO of Team Cymru, emphasized the necessity of a borderless response to cybercrime, stating, “Cybercrime is borderless, and the only effective response is one that is equally borderless.”
The collaborative nature of Operation Ramz, involving law enforcement and trusted private-sector partners, exemplifies a model for future initiatives aimed at dismantling the infrastructure that cybercriminals rely on.
Broader Context of Cybercrime Enforcement
The arrests made during Operation Ramz are part of a broader trend of intensified law enforcement actions against cybercriminals worldwide. Recent announcements from Germany and the U.S. Department of Justice (DoJ) highlight a series of significant actions targeting various cybercrime activities.
Among these actions is the sentencing of Thomasz Szabo, a Romanian citizen, to 48 months in prison for masterminding an online swatting ring that targeted over 75 public officials and journalists. Additionally, Owe Martin Andresen, a German citizen, was indicted on money laundering charges related to the illicit darknet marketplace, Dream Market.
The shutdown of the relaunched Crimenetwork marketplace and the arrest of a suspected administrator further illustrate the ongoing efforts to combat cybercrime on multiple fronts. The conviction of Sohaib Akhter, who deleted 96 databases storing U.S. government information, and the sentencing of Alan Bill, a Slovakian administrator involved in drug distribution and financial fraud, underscore the diverse nature of cybercriminal activities being addressed.
Conclusion
The success of Operation Ramz marks a pivotal moment in the fight against cybercrime in the MENA region. The collaborative efforts of law enforcement agencies and private sector partners demonstrate the importance of a unified approach to tackling cyber threats. As the landscape of cybercrime continues to evolve, ongoing vigilance and cooperation will be essential in safeguarding individuals and institutions from malicious activities.
Source: thehackernews.com
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
