Kaspersky and Group-IB Strengthen INTERPOL’s First Large-Scale Cybercrime Crackdown in MENA, Resulting in 201 Arrests
Marrakech – A significant milestone in regional cybersecurity efforts has been achieved with the launch of Operation Ramz, the first extensive cybercrime crackdown coordinated by INTERPOL across the Middle East and North Africa (MENA). This operation, which took place from October 2025 to February 2026, has led to the arrest of 201 individuals and the identification of an additional 382 suspects, marking a pivotal moment in the fight against cybercrime in the region.
Overview of Operation Ramz
The operation involved collaboration among 13 countries, resulting in the identification of 3,867 victims and the seizure of 53 servers. Nearly 8,000 pieces of data and intelligence were exchanged among participating nations, facilitating investigations and enhancing the overall effectiveness of the operation.
Morocco played a crucial role in this initiative, with authorities confiscating computers, smartphones, and external hard drives that contained sensitive banking data and software utilized in phishing schemes. Currently, three individuals are undergoing judicial proceedings, while further investigations are ongoing.
Contributions from Kaspersky and Group-IB
Kaspersky’s Threat Research Center contributed vital technical data regarding cyber threats specific to the region, including insights into malicious infrastructure that supports malware distribution. The Moscow-based cybersecurity firm was one of five private-sector partners collaborating with INTERPOL, alongside Group-IB, the Shadowserver Foundation, Team Cymru, and TrendAI.
Yuliya Shlychkova, Kaspersky’s Vice President of Global Public Affairs, emphasized the importance of collaboration between law enforcement and private sector experts. She stated that such synergy is essential for dismantling sophisticated cybercrime networks at scale. By providing “timely and high-quality” threat intelligence, investigators can act swiftly to protect users and enhance the safety of the digital ecosystem.
Group-IB’s Role and Findings
Group-IB, headquartered in Singapore, played a pivotal role by delivering actionable intelligence on over 5,000 compromised accounts, including those linked to government infrastructure. The firm’s analysts mapped active phishing infrastructure across the MENA region, identifying two distinct clusters of threat actors: one focused on creating and distributing phishing resources, and another involved in the sale and distribution of leaked data. This adversary-centric intelligence approach allows for tracking both the infrastructure and the human actors behind cyber threats.
Dmitry Volkov, Group-IB’s CEO, noted a marked increase in phishing and scam infrastructure targeting financial platforms, government services, and individual victims throughout the region. He highlighted that the operation was a product of robust collaboration between their Digital Crime Resistance Centers across MENA and APAC regions, reaffirming the company’s commitment to supporting international efforts aimed at dismantling cybercriminal ecosystems and enhancing cyber resilience.
Implications for Cybersecurity in MENA
The operation’s findings underscore a broader trend of financially motivated cybercrime targeting the banking sector in the MENA region. Group-IB’s press release indicated that phishing operations specifically targeted financial institutions and their customers, employing harvested credentials to defraud individuals and compromise financial infrastructure.
Neal Jetton, INTERPOL’s Director of Cybercrime, remarked that Operation Ramz exemplified the effectiveness of global collaboration. He reiterated INTERPOL’s dedication to working with member countries and private sector partners to dismantle malicious infrastructure, disrupt criminal groups, and bring perpetrators to justice.
Broader Criminal Activity Uncovered
Beyond Morocco, Operation Ramz unveiled a spectrum of criminal activities across the region. In Jordan, police dismantled a financial fraud ring and uncovered a human trafficking operation involving 15 individuals from Asia coerced into running scams. In Algeria, a phishing-as-a-service website was taken down, resulting in the detention of one suspect.
In Qatar, investigators secured compromised devices that had been used to propagate malicious threats without the owners’ knowledge. In Oman, a malware-infected server located in a private residence was identified and disabled.
International Cooperation and Funding
The operation involved 13 participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE. It received support from Qatar’s Ministry of Interior and was partially funded by the European Union and the Council of Europe under the CyberSouth+ project.
The collaborative efforts demonstrated through Operation Ramz highlight the critical need for international cooperation in combating cybercrime. As cyber threats continue to evolve, the importance of sharing intelligence and resources among nations becomes increasingly vital.
For more detailed insights into the operation and its implications, refer to the original reporting source: www.moroccoworldnews.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
