Operation Ramz: 201 Arrested in MENA Phishing Crackdown

INTERPOL-led Operation Ramz ran across 13 MENA countries from October 2025 to February 2026, disrupting phishing networks and a phishing-as-a-service (PhaaS) platform, seizing 53 servers and prompting 201 arrests.

Operation Ramz ran from October 2025 to February 2026 across 13 Middle East and North Africa countries. INTERPOL coordinated the campaign, which disrupted phishing networks and a phishing-as-a-service platform, seized 53 servers, arrested 201 people and identified 382 additional suspects. Investigators also identified 3,867 victims.

Authorities targeted infrastructure used to steal login credentials, banking information and funds. Private-sector cybersecurity firms supplied intelligence that helped locate compromised systems and active phishing nodes across the region.

Algerian authorities confiscated a server, a computer, a mobile phone and hard drives containing phishing software and scripts and disrupted a PhaaS after a raid. Moroccan police seized computers, smartphones and external drives containing banking data and phishing tools. In Oman, investigators found a legitimate server hosted in a private home that had multiple critical vulnerabilities and was infected with malware; officials disabled the system. Qatari investigators discovered devices being used to spread malicious threats, secured the machines and notified the owners. Jordanian police uncovered a fake trading platform used to solicit investments; a raid found 15 people involved in running the scams who were later determined to have been recruited and coerced into participation. Two suspects believed to have organized the Jordan scheme were arrested.

Group-IB, a private cybersecurity company participating in the operation, provided intelligence on more than 5,000 compromised accounts, including accounts tied to government infrastructure. INTERPOL reported that private partners helped map and neutralize criminal infrastructure used to host phishing sites and deliver malware.

Joe Sander, chief executive of Team Cymru, called the operation “a borderless response” and added, “Cybercrime is borderless, and the only effective response is one that is equally borderless. Operation Ramz is exactly that kind of response, law enforcement and trusted private-sector partners pooling intelligence, moving in concert, and dismantling the infrastructure that criminals depend on.”

Thirteen countries took part in the campaign: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. INTERPOL coordinated intelligence sharing, operational planning and follow-up actions among national agencies during the five-month effort.

Law enforcement agencies in other countries have also announced recent arrests, indictments and shutdowns in separate cybercrime cases, reflecting a wider push against online criminal networks.
