An INTERPOL-led cybercrime operation spanning 13 countries in the Middle East and North Africa has resulted in 201 arrests and the identification of 382 additional suspects linked to online fraud, phishing campaigns and malware activity.
The initiative, known as Operation Ramz, ran between October 2025 and February 2026 and focused on disrupting infrastructure used to support cyber scams and malware distribution. According to INTERPOL, the investigation involved nearly 4,000 victims across the region and included intelligence sharing among participating law enforcement agencies.
As part of the operation, cybersecurity vendor Kaspersky provided threat intelligence related to malware infrastructure and command-and-control servers used by attackers operating in the region. The company's threat research team shared technical data with law enforcement partners to help identify systems involved in cybercriminal activity and support ongoing investigations.
Operation Ramz was the first cybercrime enforcement effort of its scale coordinated by INTERPOL in the MENA region. During the investigation, nearly 8,000 intelligence records were distributed among participating countries to assist local authorities in tracking cybercriminal infrastructure and identifying suspects.
Several countries reported operational outcomes tied to the intelligence-sharing effort. In Jordan, authorities dismantled an investment fraud scheme that used a fake trading platform to solicit funds from victims. A police raid led to the arrest of two suspected organizers and the identification of 15 individuals involved in the operation.
In Algeria, investigators shut down a phishing-as-a-service platform and seized servers, computers, mobile devices and storage media containing phishing tools and scripts. One suspect was arrested. Moroccan authorities also seized equipment containing banking data and software allegedly used in phishing campaigns, while judicial proceedings continue against several individuals linked to the case.
Authorities in Qatar used intelligence from the operation to identify compromised devices and notify affected users, while investigators in Oman disabled a server found to contain sensitive information after tracing it to a private residence.
The operation reflects a broader trend of cooperation between law enforcement agencies and private cybersecurity companies as cybercrime investigations increasingly depend on intelligence about malware infrastructure, digital fraud operations and cross-border criminal networks.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice,” said Neal Jetton.
“Operation Ramz shows how the synergy between law enforcement agencies and private sector experts can dismantle sophisticated cybercrime networks at scale,” noted Yuliya Shlychkova. “By delivering timely, high-quality threat intelligence, we empower investigators to act swiftly, safeguard users, and ultimately make the digital ecosystem safer for everyone.”
