Operation Ramz Dismantles Cybercrime Networks Across MENA Region
In a significant international effort to combat cybercrime, Operation Ramz has led to the seizure of 53 servers, the arrest of 201 individuals, and the identification of 382 additional suspects across the Middle East and North Africa (MENA) region. This coordinated operation, spearheaded by INTERPOL, spanned from October 2025 to February 28, 2026, marking the first cybercrime initiative of such magnitude in the region.
Scope and Collaboration
Operation Ramz involved 13 countries, including Algeria, Jordan, Qatar, Morocco, and the United Arab Emirates. The primary objective was to dismantle infrastructures supporting phishing schemes, malware campaigns, and financially motivated cyber scams. Authorities identified 3,867 victims affected by these illicit activities, underscoring the extensive reach of the criminal networks.
INTERPOL facilitated the sharing of nearly 8,000 intelligence artifacts among participating nations, enhancing the effectiveness of investigations and enabling swift disruption of malicious infrastructures. Neal Jetton, INTERPOL’s Director of Cybercrime, emphasized the operation’s significance, stating, This operation demonstrates the growing importance of cross-border collaboration in tackling cyber threats that know no geographical boundaries.
Key Findings and Actions
Operation Ramz uncovered various cybercriminal tactics, including phishing-as-a-service platforms, malware-infected systems, and investment fraud schemes. Notable actions taken during the operation include:
– Qatar: Investigators identified compromised devices that victims unknowingly used to distribute malware. The affected systems were secured, and users were notified to prevent further exploitation.
– Jordan: Authorities dismantled a fraudulent online trading scheme and discovered 15 individuals who had been trafficked and forced into cyber scam operations. Two organizers were arrested, highlighting the intersection of cybercrime and human trafficking.
– Oman: A vulnerable server hosted in a private residence was found infected with malware, exposing critical data. Immediate action was taken to shut down the server and mitigate potential damage.
– Algeria: Law enforcement dismantled a phishing-as-a-service platform, seizing infrastructure and arresting one suspect. This action disrupted a significant source of phishing attacks in the region.
– Morocco: Authorities confiscated devices containing banking data and phishing tools. Multiple individuals are now facing legal proceedings as a result of these findings.
The seizure of 53 servers played a central role in disrupting malicious operations, particularly those used to host phishing kits, command-and-control (C2) infrastructures, and scam platforms. These systems often enable attackers to scale campaigns targeting financial institutions and individuals.
Public-Private Partnership
INTERPOL collaborated with private-sector partners, including Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI, to track malicious infrastructures and analyze threat intelligence. This public-private partnership facilitated faster identification of indicators of compromise (IOCs) and improved response coordination, demonstrating the critical role of collaboration in cybersecurity efforts.
Implications and Future Outlook
Operation Ramz highlights the increasing sophistication of cybercriminal ecosystems in the MENA region, particularly the use of distributed infrastructures and social engineering tactics. The discovery of human trafficking elements within cyber scam operations also underscores the overlap between cybercrime and organized crime networks.
The success of Operation Ramz serves as a testament to the effectiveness of international cooperation in combating cyber threats. However, it also emphasizes the need for continuous vigilance and adaptive strategies to address the evolving nature of cybercrime. Authorities and organizations must remain proactive in their efforts to protect individuals and institutions from emerging cyber threats.
