Pierluigi Paganini
May 19, 2026
INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects.
” A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a further 382 suspects identified.” reads the press release published by INTERPOL.
“Thirteen countries from the Middle East and North Africa took part in Operation Ramz (October 2025 – 28 February 2026) which aimed to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent future losses.”
The law enforcement operation, involving 13 countries between Oct 2025 and Feb 2026, targeted cybercrime infrastructure, disrupted criminal networks, and aimed to prevent future digital attacks and financial losses.
Operation Ramz targeted phishing, malware, and cyber scams across the MENA region. Alongside 201 arrests, authorities identified 3,867 victims and seized 53 servers.
The operation also shared nearly 8,000 intelligence records between 13 countries, making it the largest coordinated cybercrime effort ever led by INTERPOL in the region.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice.” Neal Jetton, INTERPOL’s Director of Cybercrime, said.
The operation uncovered multiple cybercrime cases across the MENA region. In Qatar, investigators found compromised devices being used unknowingly to spread malware, which were secured and their owners notified.
In Jordan, a fraud ring running fake investment schemes was exposed; the authorities arressed some suspects, and identified some workers as trafficking victims forced into scams after having their passports confiscated.
In Oman, authorities disabled a vulnerable, malware-infected server hosting sensitive data. In Algeria, a phishing-as-a-service operation was dismantled, with servers, devices, and tools seized and one suspect arrested. In Morocco, authorities confiscated equipment linked to banking data theft and phishing, with multiple suspects under investigation.
INTERPOL collaborated with cybersecurity partners like Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and Trend Micro to track malicious infrastructure and support investigations across the region.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cybercrime)
