Operation Ramz: Inside INTERPOL’s First Cybercrime Sweep Across the Middle East and North Africa

The investigation focused on disrupting phishing schemes, malware distribution and large‑scale online scams, which investigators say caused significant financial losses across the region.

The 13 countries involved

Law‑enforcement agencies from across the MENA region participated in the coordinated sweep. Countries reported to be involved include:

• Algeria
• Bahrain
• Egypt
• Iraq
• Jordan
• Kuwait
• Lebanon
• Libya
• Morocco
• Oman
• Palestine
• Qatar
• United Arab Emirates

INTERPOL coordinated intelligence sharing and investigative support between these national agencies to identify suspects, trace criminal infrastructure, and coordinate arrests across borders.

Major disruptions in key countries

Several participating states reported notable takedowns during the operation:

Jordan – Authorities disrupted phishing infrastructure and arrested suspects connected to cyber‑fraud operations targeting individuals and businesses.

Algeria – Investigators dismantled online scam infrastructure and identified suspects tied to fraud networks affecting victims in multiple countries.

Morocco – Police seized computers, smartphones, and external storage devices containing banking data and software used in phishing campaigns.

Qatar – Authorities helped identify and disrupt malicious servers and infrastructure supporting cyber‑fraud operations.

These actions contributed to the wider regional effort to dismantle cybercrime infrastructure and gather evidence for further investigations.

How international and private‑sector cooperation helped

Operation Ramz relied heavily on cross‑border coordination and intelligence sharing. INTERPOL served as the central hub, allowing investigators in different countries to share data about suspects, malicious domains, and digital infrastructure in near real time.

Private cybersecurity firms also played a key role. Companies such as Group‑IB and Kaspersky provided threat‑intelligence data on phishing campaigns, malware activity, and scam networks that helped investigators locate infrastructure and identify suspects.

This public‑private collaboration allowed law enforcement to combine investigative authority with technical threat‑intelligence insights, improving the speed and scope of the operation.

Why Operation Ramz matters

Operation Ramz demonstrates how regional cooperation is becoming essential to tackling cybercrime, which often operates across borders using distributed infrastructure and anonymous payment systems.

By coordinating investigations across 13 countries and combining law‑enforcement capabilities with private‑sector intelligence, the operation disrupted major cyber‑fraud networks and exposed thousands of victims—highlighting both the scale of the problem and the growing international response to it.