A large-scale international cybercrime crackdown coordinated by INTERPOL has resulted in the arrest of 201 suspects and the identification of hundreds more across the Middle East and North Africa (MENA), marking one of the most significant regional cyber enforcement actions to date.
Codenamed Operation Ramz Operation Ramz, the coordinated effort ran from October 2025 to February 2026 and involved law enforcement agencies from 13 countries working together to dismantle phishing, malware, and online fraud infrastructure.
Widespread Cybercrime Infrastructure Dismantled
According to INTERPOL, authorities identified 382 additional suspects, rescued or identified 3,867 victims, and seized 53 servers tied to cybercriminal activity. The operation primarily targeted phishing schemes, malware distribution networks, and online financial scams that have caused substantial losses across the region.
Investigators said the campaign focused on both disrupting criminal infrastructure and preventing future attacks by neutralizing compromised systems and identifying active threat actors.
Key Enforcement Actions Across the Region
In Algeria, authorities shut down a phishing-as-a-service operation after seizing servers and digital devices containing malicious software and scripts. One suspect was arrested during the raid.
In Morocco, police recovered computers and storage devices holding banking data and tools used in phishing campaigns aimed at stealing financial credentials.
Meanwhile in Oman, investigators discovered a compromised server hosted in a private residence. The system contained sensitive data, critical security flaws, and malware, prompting officials to take it offline immediately.
In Qatar, cyber units found infected devices unknowingly being used to spread malicious software. Authorities secured the systems and alerted the owners to strengthen their cybersecurity practices.
A separate case in Jordan uncovered an elaborate financial fraud scheme in which victims were tricked into investing in fake trading platforms. Once funds were deposited, the platforms were shut down and the money stolen.
Officials also revealed a disturbing human trafficking dimension to the operation. Fifteen individuals involved in scam activities were found to be victims themselves, reportedly coerced into cybercrime after being promised legitimate jobs abroad. Their passports were confiscated upon arrival in Jordan, forcing them into fraudulent operations. Two alleged organizers were arrested.
Private Sector Intelligence Support
Cybersecurity firms played a key role in supporting the operation. Group-IB provided intelligence on more than 5,000 compromised accounts, including some linked to government infrastructure, and identified active phishing networks operating across multiple countries.
Experts from cyber intelligence firm Team Cymru emphasized that international cooperation is essential to tackling modern cybercrime.
Cybersecurity specialists noted that coordinated enforcement actions like Operation Ramz demonstrate how global collaboration between law enforcement and private sector partners can effectively disrupt criminal ecosystems that operate across borders.
Regional Collaboration Against Cyber Threats
Countries participating in the operation included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates.
Officials say the operation reflects growing regional commitment to combating cybercrime threats, particularly phishing networks, ransomware infrastructure, and online fraud syndicates targeting both individuals and institutions.
Growing Global Crackdown on Cybercrime Networks
Operation Ramz comes amid a broader international push against digital crime networks, including recent enforcement actions in Europe and the United States targeting darknet marketplaces, swatting rings, and cyber fraud operations.
Authorities say such cases highlight the increasingly global and interconnected nature of cybercrime, where criminal networks often span multiple jurisdictions and rely heavily on compromised infrastructure.
