A large-scale cybercrime crackdown led by INTERPOL has resulted in 201 arrests and the identification of 3,867 victims across the Middle East and North Africa region. The coordinated operation, known as Operation Ramz, is being described as the first cybercrime operation of its scale conducted by INTERPOL in the MENA region.
The operation ran between October 2025 and February 28, 2026, bringing together law enforcement agencies from 13 countries to disrupt malicious cyber infrastructure linked to phishing, malware campaigns, and online scams. Authorities also identified 382 additional suspects and seized 53 servers during the operation.
Operation Ramz focused on tackling cyber threats that continue to cause financial and operational damage across the region. Participating countries included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE.
According to INTERPOL, nearly 8,000 intelligence packages and data points were shared among participating countries to support investigations and help authorities trace malicious infrastructure connected to cybercriminal activity.
INTERPOL said the operation highlighted the growing importance of cross-border collaboration in combating cybercrime networks that often operate across multiple jurisdictions.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration,” said Neal Jetton.
He added that INTERPOL remains committed to working with member countries and private-sector partners to dismantle malicious infrastructure and bring cybercriminals to justice.
Cybercrime Investigations Across MENA
Authorities involved in Operation Ramz uncovered several cybercrime operations tied to phishing schemes, malware distribution, and financial fraud.
In Qatar, investigators used intelligence gathered during the operation to identify compromised devices that were unknowingly being used to spread malicious threats. Officials secured the infected systems and notified affected users to prevent further misuse.
Jordanian authorities uncovered a fraudulent investment scam operating through what appeared to be a legitimate online trading platform. Victims were convinced to deposit funds before the platform disappeared. During a raid, police found 15 individuals carrying out the scams. However, investigators later determined the workers themselves were victims of human trafficking who had been lured from Asian countries with fake job offers. Their passports were confiscated upon arrival, and they were forced into cyber fraud operations. Two individuals suspected of organizing the scheme were arrested.
In Oman, investigators identified a server hosted in a private residence containing sensitive information. Although the owner had legitimate access to the data, authorities found the server had multiple critical vulnerabilities and malware infections. Officials disabled the server to reduce further cybersecurity risks.
Authorities in Algeria dismantled a phishing-as-a-service website during the operation. Law enforcement seized servers, computers, mobile devices, and hard drives containing phishing scripts and malicious software. One suspect was arrested in connection with the activity.
Meanwhile, Moroccan authorities seized computers, smartphones, and external hard drives containing banking data and phishing software. Three individuals are currently facing judicial proceedings while investigations continue into other possible suspects.
Private Sector Partners Supported Operation Ramz
Several cybersecurity and threat intelligence organizations, including Team Cymru, Kaspersky, Group-IB, the Shadowserver Foundation, and TrendAI, supported operation Ramz.
These organizations worked with INTERPOL to provide threat intelligence, internet visibility, and technical support to identify malicious servers and track illegal cyber activity linked to phishing, malware, and online scam networks.
Joe Sander said cybercrime requires a coordinated international response involving both law enforcement and private-sector intelligence partners.
“Cybercrime is borderless, and the only effective response is one that is equally borderless,” Sander said. “Operation Ramz is exactly that kind of response.”
Team Cymru stated that it contributed external threat intelligence and internet-scale telemetry to help authorities map cybercriminal infrastructure and generate operational leads during the investigations.
Rising Focus on MENA Cybercrime Threats
The success of Operation Ramz reflects the growing focus on cybersecurity cooperation in the MENA region as phishing attacks, malware campaigns, and financial cyber scams continue to evolve.
The operation also demonstrated how intelligence sharing between governments and cybersecurity firms can help authorities rapidly identify malicious infrastructure and prevent additional victims.
Operation Ramz received support from Qatar’s Ministry of Interior and partial funding from the European Union and the Council of Europe under the CyberSouth+ project.
