A large-scale international cybercrime crackdown dubbed Operation Ramz has led to the seizure of 53 servers, the arrest of 201 individuals, and the identification of 382 additional suspects across the Middle East and North Africa (MENA) region.
The coordinated operation, led by INTERPOL, ran from October 2025 to February 28, 2026, marking the first cybercrime initiative of its scale in the region.
The operation involved 13 countries, including Algeria, Jordan, Qatar, Morocco, and the UAE, with a primary focus on dismantling phishing infrastructure, malware campaigns, and financially motivated cyber scams.
Authorities also identified 3,867 victims impacted by these activities, highlighting the widespread reach of the criminal networks.
INTERPOL confirmed that nearly 8,000 intelligence artifacts were shared among participating nations to support investigations and enable rapid disruption of malicious infrastructure.
According to Neal Jetton, INTERPOL’s Director of Cybercrime, the operation demonstrates the growing importance of cross-border collaboration in tackling cyber threats that know no geographical boundaries.
Operation Ramz Seizes 53 Servers
Operation Ramz uncovered multiple cybercriminal tactics, including phishing-as-a-service platforms, malware-infected systems, and investment fraud schemes.
- Qatar: Investigators identified compromised devices that victims unknowingly used to distribute malware. The affected systems were secured, and users were notified.
- Jordan: Authorities dismantled a fraudulent online trading scheme and discovered 15 individuals forced into cyber scam operations after being trafficked. Two organizers were arrested.
- Oman: A vulnerable server hosted in a private residence was found infected with malware and exposed critical data, prompting immediate shutdown.
- Algeria: Law enforcement dismantled a phishing-as-a-service platform, seizing infrastructure and arresting one suspect.
- Morocco: Authorities confiscated devices containing banking data and phishing tools, and multiple individuals are facing legal proceedings.
The seizure of 53 servers played a central role in disrupting malicious operations, particularly those used to host phishing kits, command-and-control (C2) infrastructure, and scam platforms.
These systems often enable attackers to scale campaigns targeting financial institutions and individuals.
INTERPOL collaborated with private-sector partners, including Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI, to track malicious infrastructure and analyze threat intelligence.
This public-private partnership enabled faster identification of indicators of compromise (IOCs) and improved response coordination.
Operation Ramz highlights the increasing sophistication of cybercriminal ecosystems in the MENA region, particularly the use of distributed infrastructure and social engineering tactics.
The discovery of human trafficking elements within cyber scam operations also underscores the overlap between cybercrime and organized crime networks.
The initiative received support from the Qatar Ministry of Interior and funding from the European Union and the Council of Europe under the CyberSouth+ project.
Authorities emphasized that continued intelligence sharing and joint operations will be critical to counter evolving cyber threats and prevent further financial losses across the region.
