INTERPOL says a major cybercrime crackdown across the Middle East and North Africa led to the arrest of 201 people and the seizure of 53 servers used for phishing, malware distribution, and online fraud operations.
The operation, codenamed “Operation Ramz,” ran between October 2025 and February 2026 and involved law enforcement agencies from 13 countries, including Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates.
Authorities said the operation focused on dismantling malicious infrastructure tied to phishing campaigns, malware hosting, financial fraud, and cyber scams targeting victims throughout the region. Investigators also identified another 382 suspects still under investigation.
According to INTERPOL, investigators identified at least 3,867 confirmed victims during the operation. Nearly 8,000 intelligence packages and forensic data points were shared between participating countries to support investigations and coordinated raids.
Several countries carried out targeted operations against local cybercrime groups. Algerian authorities dismantled a phishing-as-a-service platform after confiscating servers, computers, phones, and hard drives containing phishing kits and attack scripts. One suspect was arrested in connection with the operation.
Moroccan investigators seized computers, smartphones, and external drives allegedly containing stolen banking information and software used in phishing attacks. Jordanian authorities also confiscated devices tied to online fraud operations during coordinated searches.
INTERPOL said the operation was supported by several private cybersecurity companies, including Kaspersky, Group-IB, Team Cymru, Shadowserver Foundation, and Trend Micro. These firms helped identify malicious infrastructure, track phishing networks, and provide technical intelligence used in the investigation.
Neal Jetton, INTERPOL’s Director of Cybercrime, said cybercriminal groups continue exploiting cross-border digital infrastructure to target victims globally, making international cooperation critical for disruption efforts.
Operation Ramz marked the first cybercrime operation of this scale coordinated by INTERPOL specifically within the MENA region. Investigators say the operation highlighted the growing role of phishing-as-a-service platforms and malware distribution networks in regional cybercrime ecosystems.
The announcement comes amid a broader series of global INTERPOL cybercrime crackdowns. Earlier this year, Operation Synergia III involved 72 countries and resulted in the takedown of more than 45,000 malicious IP addresses and servers linked to phishing, ransomware, and malware campaigns worldwide.