INTERPOL’s Operation Ramz Strengthens MENA Cybersecurity, Leading to 201 Arrests and Identification of 382 Suspects
Marrakech – A significant advancement in regional cybersecurity has been marked by the initiation of Operation Ramz, the first large-scale cybercrime crackdown coordinated by INTERPOL across the Middle East and North Africa (MENA). Conducted from October 2025 to February 2026, this operation resulted in the arrest of 201 individuals and the identification of an additional 382 suspects, representing a critical juncture in the ongoing battle against cybercrime in the region.
Overview of Operation Ramz
Operation Ramz involved collaboration among 13 nations, leading to the identification of 3,867 victims and the seizure of 53 servers. Nearly 8,000 pieces of data and intelligence were exchanged among participating countries, significantly enhancing the effectiveness of the operation and facilitating ongoing investigations.
Morocco played a pivotal role in this initiative, with authorities confiscating computers, smartphones, and external hard drives containing sensitive banking information and software used in phishing schemes. Currently, three individuals are undergoing judicial proceedings, while additional investigations are in progress.
Contributions from Kaspersky and Group-IB
Kaspersky’s Threat Research Center provided crucial technical data regarding cyber threats specific to the region, including insights into malicious infrastructure that supports malware distribution. The Moscow-based cybersecurity firm was one of five private-sector partners collaborating with INTERPOL, alongside Group-IB, the Shadowserver Foundation, Team Cymru, and TrendAI.
Yuliya Shlychkova, Kaspersky’s Vice President of Global Public Affairs, highlighted the importance of collaboration between law enforcement and private sector experts. She stated that such synergy is essential for dismantling sophisticated cybercrime networks at scale. By providing “timely and high-quality” threat intelligence, investigators can act swiftly to protect users and enhance the safety of the digital ecosystem.
Group-IB’s Role and Findings
Group-IB, headquartered in Singapore, played a crucial role by delivering actionable intelligence on over 5,000 compromised accounts, including those linked to government infrastructure. The firm’s analysts mapped active phishing infrastructure across the MENA region, identifying two distinct clusters of threat actors: one focused on creating and distributing phishing resources, and another involved in the sale and distribution of leaked data. This adversary-centric intelligence approach allows for tracking both the infrastructure and the human actors behind cyber threats.
Dmitry Volkov, Group-IB’s CEO, noted a marked increase in phishing and scam infrastructure targeting financial platforms, government services, and individual victims throughout the region. He emphasized that the operation was a product of robust collaboration between their Digital Crime Resistance Centers across MENA and APAC regions, reaffirming the company’s commitment to supporting international efforts aimed at dismantling cybercriminal ecosystems and enhancing cyber resilience.
Implications for Cybersecurity in MENA
The findings from Operation Ramz underscore a broader trend of financially motivated cybercrime targeting the banking sector in the MENA region. Group-IB’s press release indicated that phishing operations specifically targeted financial institutions and their customers, employing harvested credentials to defraud individuals and compromise financial infrastructure.
Neal Jetton, INTERPOL’s Director of Cybercrime, remarked that Operation Ramz exemplified the effectiveness of global collaboration. He reiterated INTERPOL’s dedication to working with member countries and private sector partners to dismantle malicious infrastructure, disrupt criminal groups, and bring perpetrators to justice.
Broader Criminal Activity Uncovered
Beyond Morocco, Operation Ramz revealed a spectrum of criminal activities across the region. In Jordan, police dismantled a financial fraud ring and uncovered a human trafficking operation involving 15 individuals from Asia coerced into running scams. In Algeria, a phishing-as-a-service website was taken down, resulting in the detention of one suspect.
In Qatar, investigators secured compromised devices that had been used to propagate malicious threats without the owners’ knowledge. In Oman, a malware-infected server located in a private residence was identified and disabled.
International Cooperation and Funding
The operation involved 13 participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE. It received support from Qatar’s Ministry of Interior and was partially funded by the European Union and the Council of Europe under the CyberSouth+ project.
The collaborative efforts demonstrated through Operation Ramz highlight the critical need for international cooperation in combating cybercrime. As cyber threats continue to evolve, the importance of sharing intelligence and resources among nations becomes increasingly vital.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-05-21 21:52:00 • By the Editorial Desk
