INTERPOL has coordinated a large-scale cybercrime operation across the Middle East and North Africa region that resulted in 201 arrests and the identification of an additional 382 suspects connected to malicious cyber activities. Named Operation Ramz, the initiative brought together authorities from 13 countries between October 2025 and February 2026 to investigate cybercriminal infrastructure, disrupt phishing and malware operations, and reduce financial and operational damage caused by cyber scams targeting organizations and individuals throughout the region.
According to INTERPOL, Operation Ramz focused on dismantling phishing campaigns, malware-related threats, and cyber fraud operations that have contributed to financial losses across MENA countries. The operation led to the identification of 3,867 victims and the seizure of 53 servers linked to cybercriminal activities. Authorities in Algeria disrupted a phishing-as-a-service operation after confiscating a server used to facilitate phishing campaigns, along with digital devices including a computer, mobile phone, and hard drives containing phishing scripts and software. One suspect was taken into custody in relation to the case. In Morocco, investigators seized computers, smartphones, and external storage devices believed to contain banking data and software associated with phishing operations targeting victims.
The investigation also uncovered cybersecurity risks beyond direct criminal operations. In Oman, authorities identified a legitimate server operating from a private residence that contained sensitive information but had been compromised due to multiple critical vulnerabilities and malware infection. INTERPOL stated that measures were taken to disable the affected server to prevent further misuse. A related case in Qatar revealed compromised devices being used to distribute malicious activity without the owners’ knowledge. While details about the threats linked to these devices were not publicly disclosed, authorities reportedly secured the systems and informed owners to implement appropriate cybersecurity measures.
In Jordan, law enforcement identified a computer system connected to financial fraud campaigns where victims were convinced to invest assets through what appeared to be legitimate online trading platforms before funds disappeared after deposits were made. During a raid connected to the operation, investigators discovered 15 individuals carrying out scam-related activities but later determined they had themselves been victims of human trafficking. According to INTERPOL, these individuals had been recruited from Asian countries under false employment promises, had their passports confiscated upon arrival, and were coerced into participating in fraudulent activities. Two suspects believed to be responsible for organizing the operation were taken into custody.
Private-sector cybersecurity firms also contributed intelligence during Operation Ramz. Group-IB shared actionable intelligence involving more than 5,000 compromised accounts, including accounts linked to government infrastructure, while also identifying active phishing systems operating in the region. Team Cymru CEO Joe Sander stated that cybercrime requires cross-border cooperation and described Operation Ramz as an example of intelligence sharing between law enforcement agencies and trusted private-sector organizations. Countries participating in the operation included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE. The development also comes amid several international law enforcement actions targeting cybercrime activities, including prosecutions linked to online swatting campaigns, darknet marketplaces, cryptocurrency fraud schemes, ATM jackpotting incidents, OTP interception services, and social engineering operations targeting digital asset holders.