Operation Ramz: Inside INTERPOL’s First Cybercrime Sweep Across the Middle East and North Africa

Cybercrime networks operating across the Middle East and North Africa faced a major disruption during INTERPOL’s Operation Ramz, the first coordinated cybercrime crackdown spanning the region. Conducted between October 2025 and 28 February 2026, the operation united law‑enforcement agencies from 13 countries to target phishing campaigns, malware operations, and online fraud schemes responsible for significant financial losses.

The coordinated effort produced hundreds of arrests and uncovered thousands of victims while dismantling key pieces of criminal digital infrastructure used by fraud networks.

Key results of Operation Ramz

The operation produced several measurable outcomes across the region:

• 201 individuals arrested for suspected involvement in cybercrime activities.
• 382 additional suspects identified by investigators.
• 3,867 victims identified across the participating countries.
• Dozens of servers seized (about 50–53) along with other digital infrastructure used to host phishing pages, malware and fraud tools.

The investigation focused on disrupting phishing schemes, malware distribution and large‑scale online scams, which investigators say caused significant financial losses across the region.

The 13 countries involved

Law‑enforcement agencies from across the MENA region participated in the coordinated sweep. Countries reported to be involved include:

• Algeria
• Bahrain
• Egypt
• Iraq
• Jordan
• Kuwait
• Lebanon
• Libya
• Morocco
• Oman
• Palestine
• Qatar
• United Arab Emirates

INTERPOL coordinated intelligence sharing and investigative support between these national agencies to identify suspects, trace criminal infrastructure, and coordinate arrests across borders.

Major disruptions in key countries

Several participating states reported notable takedowns during the operation:

Jordan – Authorities disrupted phishing infrastructure and arrested suspects connected to cyber‑fraud operations targeting individuals and businesses.

Algeria – Investigators dismantled online scam infrastructure and identified suspects tied to fraud networks affecting victims in multiple countries.

Morocco – Police seized computers, smartphones, and external storage devices containing banking data and software used in phishing campaigns.

Qatar – Authorities helped identify and disrupt malicious servers and infrastructure supporting cyber‑fraud operations.

These actions contributed to the wider regional effort to dismantle cybercrime infrastructure and gather evidence for further investigations.

How international and private‑sector cooperation helped

Operation Ramz relied heavily on cross‑border coordination and intelligence sharing. INTERPOL served as the central hub, allowing investigators in different countries to share data about suspects, malicious domains, and digital infrastructure in near real time.

Private cybersecurity firms also played a key role. Companies such as Group‑IB and Kaspersky provided threat‑intelligence data on phishing campaigns, malware activity, and scam networks that helped investigators locate infrastructure and identify suspects.

This public‑private collaboration allowed law enforcement to combine investigative authority with technical threat‑intelligence insights, improving the speed and scope of the operation.

Why Operation Ramz matters

Operation Ramz demonstrates how regional cooperation is becoming essential to tackling cybercrime, which often operates across borders using distributed infrastructure and anonymous payment systems.

By coordinating investigations across 13 countries and combining law‑enforcement capabilities with private‑sector intelligence, the operation disrupted major cyber‑fraud networks and exposed thousands of victims—highlighting both the scale of the problem and the growing international response to it.