At a glance: INTERPOL dismantles cybercrime networks in the Middle East and North Africa in Operation Ramz with 201 arrests, 3,867 identified victims, and 53 seized servers between October 2025 and February 2026.
INTERPOL coordinated an unprecedented crackdown on cybercrime in the Middle East and North Africa, resulting in 201 arrests between October 2025 and February 2026. The operation involved 13 countries in the region to dismantle malicious infrastructure and prevent future cyberattacks.
The international law enforcement agency INTERPOL conducted a coordinated action against cybercrime in the Middle East and North Africa, targeting phishing, malware, and cyber fraud schemes. The operation resulted in 201 arrests and the identification of 382 additional suspects. In total, 3,867 victims were identified and 53 servers were seized.
As part of the so-called Operation Ramz, Algerian authorities dismantled a phishing-as-a-service network after seizing its servers and arresting a suspect. In Morocco, authorities secured computers, smartphones, and external hard drives containing banking data and phishing software.
A particularly notable case occurred in Oman, where a private server was discovered with critical security vulnerabilities and malware infections. In Qatar, compromised devices were found whose owners were unaware that their devices were being used to spread malware.
A particularly concerning case involved Jordan, where police uncovered a fraud network comprising 15 individuals. However, investigations revealed that these individuals were themselves victims of human trafficking who had been recruited from Asia under false promises of employment and forced to participate in financial fraud schemes.
The security company Group-IB contributed significantly to the operation’s success by providing information on more than 5,000 compromised accounts and sharing details about active phishing infrastructure in the region.