Skip to main content
Threat IntelligenceEmerging Threats

Interpol Disrupts Cybercrime Networks in MENA Region with 201 Arrests

Officials from various countries gather at Interpol facility for cybercrime disruption announcement.

"We are proud to have supported Interpol and the 13 countries that participated in Operation Ramz with the visibility needed to turn data into action," said Joe Sander, CEO of Team Cymru.

Operation Ramz: scale, timeframe and measurable results

Interpol coordinated a cross-border cybercrime operation across the Middle East and North Africa (MENA) that ran from October 2025 to February 2026 and involved authorities from 13 countries. The campaign, called Operation Ramz, produced tangible enforcement outcomes: 201 people were arrested, an additional 382 suspects were identified, and 3,867 victims were logged by participating agencies. Investigators also seized 53 servers used in cybercriminal activity and disseminated almost 8,000 pieces of data and intelligence to participating countries to support follow-on investigations.

On-site actions in Qatar, Jordan, Oman, Algeria and Morocco

The operation included targeted on-the-ground activity in multiple states. In Qatar, intelligence uncovered compromised devices that were being used by unsuspecting victims to spread threats; authorities moved to secure those devices and notify their owners. Jordanian police exposed a financial fraud scam linked to human trafficking and rescued 15 victims who had been forced into cybercrime after their passports were confiscated. Omani authorities disabled a vulnerable server located in a private residence that contained sensitive data, taking steps to prevent further harm. In Algeria, investigators dismantled a phishing-as-a-service operation, seizing equipment and arresting one suspect. Moroccan authorities seized devices containing banking data and phishing tools and initiated judicial proceedings against three individuals, with others remaining under investigation.

Public-private partnership and funding that enabled the operation

Operation Ramz was conducted with cooperation among national authorities from Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. The initiative received support from the Qatar Ministry of Interior and was partially funded by the European Union and the Council of Europe under the CyberSouth+ project. Interpol and the participating agencies worked with private-sector partners — Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and TrendAI — to track illegal cyber activities and identify malicious servers. Joe Sander of Team Cymru framed his company’s role as providing visibility to convert data into action and said the firm would continue investing in partnerships that protect victims and hold offenders to account.

How technologists, law enforcement, and victims are affected

  • Technologists and security teams: Private partners supplied visibility and server attribution that helped identify 53 malicious servers and produced nearly 8,000 intelligence items for sharing; those teams will likely use the shared data to harden detection and takedown workflows.
  • Law enforcement and regulators: The coordinated arrests, equipment seizures and cross-border information exchange demonstrate a model for multilateral enforcement across 13 MENA jurisdictions, creating a record of investigative leads and judicial proceedings that authorities can pursue with the disseminated intelligence.
  • Victims and at-risk individuals: Authorities identified 3,867 victims and in at least one case in Jordan rescued 15 people coerced into cybercrime after their passports were confiscated, underscoring both the human harm tied to online fraud and the law-enforcement nexus with human-trafficking investigations.

Operation Ramz produced a mix of immediate disruption — arrests, server seizures and rescues — and a secondary product intended for longer-term impact: a large cache of cross-border intelligence to be used in follow-up probes and prosecutions. The operation also illustrates the role of mixed funding and private-sector technical visibility in enabling coordinated action across multiple national police forces. The facts released by Interpol and its partners leave little doubt about the scale of activity encountered: hundreds of suspects identified, thousands of victims logged and dozens of infrastructure elements removed from criminal use. Whether the disseminated intelligence will translate into sustained legal outcomes and systemic reduction of phishing and malware threats in the region will be borne out in the investigations and proceedings the operation has set in motion.

Source: Infosecurity Magazine — Interpol Launches Sweeping Cybercrime Crackdown in MENA Region