INTERPOL has announced the results of what it described as the largest coordinated cybercrime operation ever conducted in the Middle East and North Africa (MENA) region. The operation, named “Operation Ramz,” led to the arrest of 201 individuals, while another 382 suspects were identified across 13 participating countries.
Scope and scale of Operation Ramz
The operation was carried out between October 2025 and 28 February 2026 with the objective of dismantling cybercrime infrastructure linked to phishing attacks, malware campaigns and online financial fraud. Authorities said the coordinated effort also focused on disrupting malicious digital networks and preventing future cyber-enabled financial losses across the region.
According to INTERPOL, investigators identified 3,867 victims during the operation and seized 53 servers connected to cybercriminal activities. The agency described Operation Ramz as the first cybercrime operation of this scale coordinated in the MENA region. Nearly 8,000 intelligence inputs and data points were exchanged among participating countries to support investigations, identify suspects and coordinate raids.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Cross-country findings and victim impact
INTERPOL’s Director of Cybercrime, Neal Jetton, said cybercriminals today operate without geographical boundaries, making international cooperation critical in combating digital threats. He said Operation Ramz demonstrated how coordinated global action can successfully disrupt cybercriminal networks and bring offenders to justice.
Countries participating in the operation included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. The operation received support from Qatar’s Ministry of Interior and partial funding through the European Union and Council of Europe-backed “CyberSouth+” project.
Key discoveries—phishing, trafficking and compromised devices
Investigations conducted during the operation uncovered multiple forms of cybercrime activity across the region. In Qatar, intelligence gathered through Operation Ramz helped investigators identify compromised digital devices being used to spread malicious cyber threats. Authorities later discovered that the owners of those devices were themselves victims of cyberattacks and were unaware that their systems had been hijacked for illegal operations. Security measures were immediately implemented and affected users were notified.
In Jordan, police traced a computer allegedly being used to run online investment fraud schemes. Investigators found that victims were persuaded to invest through what appeared to be legitimate online trading platforms. Once money was deposited, the platforms disappeared or shut down. During raids, authorities located 15 individuals involved in carrying out the scams. However, investigators later determined that many of them were victims of human trafficking.
Seizures, regional actions and partnerships
According to officials, the individuals had been lured from Asian countries with false promises of employment opportunities. After arriving in Jordan, their passports were allegedly confiscated and they were forced or coerced into participating in cyber fraud operations. Two individuals accused of orchestrating the scheme were arrested.
In Oman, investigators identified a server located inside a private residence that stored sensitive information. Although the server owner reportedly had legitimate access to the data, authorities discovered multiple critical cybersecurity vulnerabilities and malware infections within the system. The server was subsequently disabled to prevent further harm.
Authorities in Algeria dismantled a “phishing-as-a-service” platform as part of the operation. Investigators seized servers, computers, mobile phones and hard drives containing phishing software and scripts, while one suspect was taken into custody. In Morocco, officials confiscated digital devices containing banking data and phishing-related tools, leading to judicial proceedings against three individuals.
During Operation Ramz, INTERPOL also collaborated with several international cybersecurity partner organizations and technical agencies. These organizations assisted investigators in identifying malicious servers, phishing infrastructure and malware-linked digital networks, helping authorities accelerate coordinated enforcement actions across multiple countries.
