An INTERPOL cybercrime operation across the Middle East and North Africa (MENA) region has led to the arrest of 201 individuals, while a further 382 suspects have been identified.
According to the intergovernmental organisation, 13 countries participated in Operation Ramz, which ran from October 2025 to 28 February 2026 and aimed to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent further financial losses.
The operation focused on neutralising phishing and malware threats, while also targeting cyber scams that impose significant costs on diaspora communities.
INTERPOL partnered with Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru and TrendAI to track illegal cyber activity and identify malicious servers.
In Algeria, authorities identified and dismantled a phishing-as-a-service website as part of the operation.
Following the discovery of the infrastructure, authorities seized a server, computer, mobile phone and hard drives containing phishing software and scripts. One suspect was taken into custody.
Moroccan authorities seized computers, smartphones and external hard drives containing banking data and software used in phishing operations. Three individuals are undergoing judicial proceedings, while additional suspects remain under investigation.
In the Middle East, Jordanian police traced a computer allegedly being used to run financial fraud scams. Victims were persuaded to invest through what appeared to be a legitimate trading platform, which shut down after funds were deposited.
A subsequent raid uncovered 15 individuals allegedly involved in the scams. Investigators later determined they were victims of human trafficking who had been recruited from Asian countries under false promises of employment.
Meanwhile, in Qatar, intelligence gathered through the operation led to the identification of compromised devices.
Investigators found that the owners were unaware their devices had been hijacked and used to distribute malicious software.
Similarly, authorities in Oman identified a server at a private residence containing sensitive information. Although the owner had legitimate access to the data, the server was found to have multiple critical security vulnerabilities, including malware infections.
Neal Jetton, INTERPOL’s director of cybercrime, said: “In a world where cyber criminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration.
“INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups, and bring perpetrators to justice.”
Yuliya Shlychkova, vice president of global public affairs at Kaspersky, added: “Operation Ramz shows how the synergy between law enforcement agencies and private sector experts can dismantle cybercrime networks at scale.
“By delivering timely threat intelligence, we empower investigators to act swiftly, safeguard users, and ultimately make the digital ecosystem safer for everyone.”
Operation Ramz received support from the Qatar Ministry of Interior and partial funding from the European Union and the Council of Europe under the CyberSouth+ project, a regional initiative aimed at strengthening criminal justice and cybersecurity capabilities across the MENA region.
Share
