SINGAPORE – A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a further 382 suspects identified.
Thirteen countries from the Middle East and North Africa took part in Operation Ramz (October 2025 – 28 February 2026) which aimed to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent future losses.
The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region.
In addition to the arrests made, 3,867 victims were identified, and 53 servers were seized.
Operation Ramz marked a milestone as the first cyber operation of its scale coordinated by INTERPOL in the MENA region. During this effort, nearly 8,000 pieces of crucial data and intelligence were disseminated among participating countries to initiate and support investigations.
Neal Jetton, INTERPOL’s Director of Cybercrime, said:
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice.”
Operational highlights
- In Qatar, intelligence obtained through Operation Ramz led to the identification of compromised devices. Investigators determined that the unsuspecting owners were themselves victims of cyberattacks and unaware that their devices were being used to spread malicious threats. The affected systems were immediately secured, and device owners were notified to take the necessary preventive measures.
- Jordanian police pinpointed the location of a computer being used to run financial fraud scams. Victims were persuaded to invest through what appeared to be a legitimate trading platform, which shut down once funds had been deposited. A raid uncovered 15 individuals carrying out the scams, but investigators determined that they were victims of human trafficking who had been recruited under the false promise of employment from their home countries in Asia. Upon arrival in Jordan, their passports were confiscated, and they were forced or coerced into participating in the scheme. Two individuals suspected of orchestrating the operation were arrested.
- Investigators in Oman identified a server in a private residence that contained sensitive information. Although the owner had legitimate access to the information, the server suffered from multiple critical security vulnerabilities including malware infection. Actions were taken to disable the server to prevent additional harm.
- In Algeria, a website offering phishing as a service was identified and dismantled as part of Operation Ramz. After locating the suspicious server, authorities successfully seized a server, a computer, a mobile phone and hard drives containing phishing software and scripts. One suspect was taken into custody.
- Moroccan authorities seized computers, smartphones and external hard drives containing banking data and software used for phishing operations. As a result, three individuals are undergoing judicial procedures, while others remain under investigation.
During Operation Ramz, INTERPOL worked closely with its partners, Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and TrendAI to track illegal cyber activities and identify malicious servers.
Note to editors
Operation Ramz received support from the Qatar Ministry of Interior and was partially funded by the European Union and the Council of Europe under the CyberSouth+ project.
Participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, UAE.
