A large-scale cybercrime operation across the Middle East and North Africa has resulted in 201 arrests and the identification of another 382 suspects. The operation, called Operation Ramz, ran between October 2025 and February 28, 2026, and brought together 13 countries to target phishing networks, malware attacks and online fraud infrastructure.
Authorities involved in the operation identified 3,867 victims and seized 53 servers linked to cybercriminal activities. Nearly 8,000 intelligence inputs and data points were also shared among participating nations to support investigations and future cybercrime prevention efforts.
The operation marked the first cybercrime initiative of this scale coordinated by INTERPOL in the MENA region. Neal Jetton, INTERPOL’s Director of Cybercrime, said, “In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration.”
Several major breakthroughs were reported during the operation. In Qatar, investigators identified compromised devices unknowingly being used by cybercriminals to spread malicious threats. Authorities secured the systems and informed the affected users.
In Jordan, police uncovered a fake investment scam operating through what appeared to be a legitimate trading platform. During the raid, investigators found that 15 people involved in the operation were actually victims of human trafficking who had been lured with false job offers from Asian countries. Their passports were confiscated and they were allegedly forced into cyber fraud activities. Two suspected organisers were arrested.
In Oman, authorities located a vulnerable server inside a private residence containing sensitive information. The server was infected with malware and was disabled to prevent further risks.
Algerian investigators dismantled a phishing-as-a-service website and seized servers, mobile devices, hard drives and phishing software. One suspect was arrested. Meanwhile, Moroccan authorities confiscated computers, smartphones and storage devices containing banking data and phishing tools, with 3 individuals currently facing judicial proceedings.
INTERPOL also worked closely with cybersecurity partners including Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru and TrendAI during the operation.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.