INTERPOL-Led ‘Operation Ramz’ Cracks Down on Cybercrime 201 Arrested

SINGAPORE: In one of the largest coordinated cybercrime crackdowns ever conducted in the Middle East and North Africa (MENA) region, an INTERPOL-led international operation has resulted in the arrest of 201 suspects and the identification of 382 additional individuals linked to global cybercrime networks. The operation, named “Operation Ramz,” was carried out between October 2025 and February 28, 2026, involving law enforcement agencies from 13 countries across the MENA region.

The large-scale cyber operation focused on dismantling phishing syndicates, malware distribution systems, online financial fraud networks, and other sophisticated cyber scam infrastructures that have caused massive economic losses across several countries. Authorities also identified 3,867 victims during the investigation and seized 53 malicious servers allegedly used to conduct cyberattacks and digital fraud operations.

Operation Ramz is being described as a historic milestone because it marked the first cybercrime operation of this magnitude coordinated by INTERPOL in the MENA region. Investigators from participating countries worked together using intelligence-sharing systems, digital forensics, financial tracking, and cross-border coordination to disrupt cybercriminal ecosystems operating beyond national boundaries.

According to INTERPOL, nearly 8,000 pieces of cyber intelligence and operational data were shared among participating countries to support ongoing investigations and identify suspects involved in phishing attacks, malware campaigns, identity theft, and online investment scams.

INTERPOL Highlights Growing Global Cyber Threat

INTERPOL’s Director of Cybercrime, Neal Jetton, emphasized that international cooperation is becoming increasingly necessary as cybercriminals continue to exploit global digital networks without geographical limitations.

He stated that cybercrime organizations now operate across multiple jurisdictions, often targeting victims in one country while hosting servers or coordinating operations from another nation. He noted that Operation Ramz demonstrated how global law enforcement partnerships can successfully disrupt malicious cyber infrastructures and bring offenders to justice.

Jetton further said that INTERPOL remains committed to working closely with member countries and private-sector cybersecurity firms to combat evolving cyber threats, dismantle cybercrime networks, and improve international cyber resilience.

Countries Across MENA Region Participate in Joint Crackdown

The operation brought together cybercrime units, financial intelligence agencies, digital forensic teams, and specialized investigators from across the Middle East and North Africa. Authorities coordinated raids, analyzed digital evidence, traced cryptocurrency and financial transactions, and tracked malicious online activities linked to organized cybercrime groups.

The operation focused primarily on:

• Phishing scams targeting banking users
• Malware infections and botnet activities
• Fake investment and trading platforms
• Financial fraud networks
• Identity theft operations
• Illegal digital infrastructure hosting malicious software

Officials said the operation not only targeted criminals directly involved in scams but also focused on the technical infrastructure supporting cybercrime operations.

Qatar: Victims Unknowingly Used as Cybercrime Tools

One of the most significant findings emerged in Qatar, where investigators discovered several compromised devices that had unknowingly become part of malicious cyber networks.

Authorities found that the owners of these devices were themselves victims of cyberattacks and had no knowledge that their systems were being used to spread malware and cyber threats. Investigators immediately secured the affected systems and informed device owners about the compromise.

Cybersecurity experts involved in the operation explained that cybercriminals often infect personal computers and devices with hidden malware, transforming them into part of larger cybercrime infrastructures capable of launching phishing campaigns, spam attacks, or distributed cyber operations.

Jordan Uncovers Human Trafficking Link to Cyber Fraud

In one of the most shocking revelations of the operation, investigators in Jordan traced a financial fraud scam to a location where individuals were allegedly being forced into cybercrime activities under coercion.

Jordanian police located a computer system being used to operate fake investment scams through what appeared to be legitimate online trading platforms. Victims were persuaded to invest money into fraudulent schemes that disappeared after deposits were made.

During a raid on the location, authorities discovered 15 individuals allegedly carrying out online scams. However, investigators later determined that many of them were victims of human trafficking.

According to investigators, the individuals had been recruited from Asian countries under the false promise of legitimate employment opportunities. Upon arriving in Jordan, their passports were allegedly confiscated, and they were coerced into participating in online fraud activities.

Authorities arrested two individuals suspected of orchestrating the operation, while efforts are underway to support and protect the trafficking victims involved in the case.

Experts say the case highlights a growing global trend where organized cybercrime syndicates combine online fraud with human trafficking and forced labor operations.

Oman Detects Vulnerable Server Storing Sensitive Data

In Oman, investigators identified a server operating from a private residence that contained sensitive information and exhibited multiple critical cybersecurity vulnerabilities.

Authorities stated that although the server owner had lawful access to the information stored on the system, investigators discovered malware infections and major security weaknesses that could have allowed cybercriminals to exploit the server.

Officials immediately disabled the compromised infrastructure to prevent further damage and reduce the risk of additional cyber intrusions.

Cybersecurity specialists noted that poorly secured servers continue to pose major risks because they can become entry points for cybercriminals seeking access to confidential information or launching further attacks.

Algeria Dismantles ‘Phishing-as-a-Service’ Platform

Authorities in Algeria successfully dismantled a dangerous “phishing-as-a-service” operation during the crackdown.

Investigators located a suspicious server hosting phishing software, scripts, and malicious digital tools designed to help cybercriminals steal personal and banking information from victims.

Police seized:

• One server
• A computer system
• Mobile phones
• Hard drives containing phishing software and scripts

One suspect was taken into custody in connection with the illegal operation.

Cybersecurity analysts say phishing-as-a-service platforms are becoming increasingly common because they allow inexperienced criminals to purchase ready-made tools for conducting scams, credential theft, and financial fraud.

Morocco Seizes Banking Data and Phishing Software

In Morocco, investigators conducted raids that led to the seizure of computers, smartphones, and external hard drives allegedly containing stolen banking data and phishing software.

Authorities confirmed that three individuals are currently undergoing judicial proceedings, while additional suspects remain under investigation.

Investigators are analyzing digital evidence recovered during the raids to determine the scale of the phishing operation and identify possible international connections.

INTERPOL Collaborates with Global Cybersecurity Partners

During Operation Ramz, INTERPOL worked closely with several international cybersecurity organizations and private-sector partners to identify malicious servers and track illegal cyber activities.

Key partners included:

• Group-IB
• Kaspersky
• Shadowserver Foundation
• Team Cymru
• TrendAI

These organizations assisted investigators by providing technical intelligence, threat analysis, malware tracking, and infrastructure monitoring support.

Cybersecurity experts say public-private partnerships are increasingly essential in modern cyber investigations because cybercriminals frequently exploit advanced technologies and operate across multiple countries simultaneously.

Rising Threat of Cross-Border Cybercrime

Authorities involved in Operation Ramz warned that cybercrime is rapidly evolving into one of the most significant security threats facing governments, businesses, and individuals worldwide.

Online fraud networks are increasingly sophisticated, often using:

• Artificial intelligence
• Social engineering techniques
• Cryptocurrency transactions
• Encrypted communication channels
• Remote malware deployment systems

Experts say organized cybercriminal groups are now functioning similarly to multinational corporations, complete with technical teams, financial managers, recruiters, and infrastructure specialists.

The rapid growth of phishing attacks, fake investment platforms, ransomware campaigns, and digital identity theft has caused billions of dollars in global financial losses annually.

Need for Stronger Cyber Awareness

Authorities emphasized that public awareness remains one of the most effective defenses against cybercrime.

Citizens were urged to:

• Avoid clicking suspicious links
• Verify online investment platforms carefully
• Enable multi-factor authentication
• Keep devices and software updated
• Report suspicious online activities immediately
• Avoid sharing banking information through unknown websites or messages

Law enforcement officials also encouraged financial institutions and businesses to strengthen cybersecurity protections and employee training programs to reduce vulnerabilities.

A Landmark Operation Against Cybercrime

Operation Ramz is being viewed as a landmark example of international cybercrime cooperation in the MENA region. The successful arrests, identification of suspects, and dismantling of malicious infrastructure demonstrate how coordinated global action can disrupt increasingly sophisticated cybercriminal networks.

INTERPOL officials stated that investigations linked to Operation Ramz remain ongoing, with authorities continuing to analyze seized devices, financial trails, and digital evidence to identify additional suspects and uncover broader criminal networks.

As cyber threats continue to grow globally, law enforcement agencies are expected to intensify cross-border cooperation and invest further in advanced cyber investigation capabilities to combat organized digital crime.