A major international law enforcement operation, named Operation Ramz, has resulted in the arrest of 201 individuals across 13 countries in the Middle East and North Africa (MENA) region. The coordinated crackdown, which ran from October 2025 to February 2026, focused on disrupting phishing and malware operations that have been preying on individuals and organizations in the region.
Beyond the arrests, authorities identified 382 additional suspects and seized 53 servers used to facilitate cybercrimes. Interpol announced that the operation also led to the identification of 3,867 victims across participating jurisdictions, highlighting the widespread impact of these digital threats.
Key Facts from Operation Ramz
- Arrests: 201 individuals taken into custody.
- Suspects identified: 382 additional suspects whose activities were linked to the operation.
- Servers seized: 53 servers, many containing malicious software and stolen data.
- Victims: 3,867 victims identified across the region.
- Participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates.
- Private partners: Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI provided threat intelligence and infrastructure tracking.
Country-Specific Actions
Operation Ramz involved a range of actions tailored to the cyber threats in each participating country. In Algeria, law enforcement shut down a phishing-as-a-service (PhaaS) website, arrested one suspect, and seized a server, computer, phone, and hard drives that contained malicious software and scripts. The takedown of the PhaaS platform disrupted a service that enabled other criminals to launch phishing attacks without technical expertise.
In Jordan, police located a computer used in financial fraud scams and arrested two individuals who orchestrated the scheme. An alarming aspect of the Jordanian case was that the 15 individuals carrying out the scams were all victims of human trafficking. The suspects promised employment to individuals from various Asian countries, confiscated their passports upon arrival in Jordan, and forced them to participate in the fraud operation. This intersection of cybercrime and human trafficking underscores the complex human rights challenges linked to digital fraud.
In Morocco, authorities arrested three individuals and seized computers, phones, and hard drives used in phishing operations. The devices contained evidence of large-scale credential theft and social engineering campaigns targeting Moroccan citizens and businesses.
In Oman, authorities disabled a server that contained sensitive information and was affected by multiple critical vulnerabilities. The server had been infected with malware, allowing attackers to exfiltrate data and potentially launch further attacks. By securing the server, Omani authorities prevented further compromise of victims' data.
In Qatar, law enforcement identified compromised devices that had been used to spread malware without their owners' knowledge. The systems were secured, and the owners were notified. This proactive approach helped mitigate damage and raise awareness among victims about their compromised state.
Broader Context of Cyber Threats in MENA
The MENA region has become a significant hotspot for cybercrime, including phishing, ransomware, and financial fraud. With rapid digital transformation and increasing internet penetration, threat actors have found fertile ground for attacks. Operation Ramz targeted both the infrastructure of cybercrime and the criminal networks that profit from it. Phishing attacks, in particular, have become more sophisticated, leveraging social engineering and deceptive websites to steal credentials and financial information. The operation's focus on malware also reflects a growing trend in which attackers use malicious software to gain persistent access to systems, deploy ransomware, or steal sensitive data.
The Role of Private-Public Collaboration
A key success factor for Operation Ramz was the collaboration between law enforcement agencies and private sector cybersecurity firms. Companies like Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI provided critical intelligence on malicious infrastructure, threat actor profiles, and victim alerts. Team Cymru CEO Joe Sander emphasized that cybercrime is borderless and that effective responses must be equally borderless. He noted that pooling intelligence and moving in concert allows law enforcement to dismantle the infrastructure that criminals depend on. Such partnerships are increasingly vital as cybercriminal networks become more decentralized and sophisticated.
Human Trafficking and Cyber Fraud Nexus
The Jordan case highlights a disturbing trend where organized crime groups use human trafficking to staff cyber fraud operations. Victims are lured with promises of legitimate employment, only to find themselves forced to execute scams under threat. This model has been observed in other regions, such as Southeast Asia, where large-scale scam compounds have been exposed. Operation Ramz demonstrates that law enforcement is now actively addressing both the cybercrime and the human rights abuses associated with these operations. The identification and rescue of trafficking victims is an important outcome beyond the usual technical metrics of servers seized or domains taken down.
Comparison with Previous Operations
Operation Ramz is part of a series of Interpol-coordinated crackdowns on cybercrime in recent years. In a similar operation earlier in 2025, 574 individuals were arrested and $3 million seized in a crackdown on African cybercrime rings. Another operation saw the arrest of over 1,000 individuals in Southeast Asia for online scams. These efforts reflect a global recognition that cybercrime requires coordinated, cross-border responses. Ramz specifically targeted the MENA region, bringing together countries that may not always cooperate on law enforcement matters. The operation's success could pave the way for deeper collaboration and more frequent joint actions.
Impact on Cybersecurity Landscape
The takedown of 53 servers and identification of thousands of victims disrupts the operations of multiple cybercriminal groups. However, experts caution that such operations, while significant, only temporarily degrade criminal networks. Replacement infrastructure can be set up quickly, and the anonymity provided by technologies like VPNs and the Tor network complicates enforcement. Long-term reductions in cybercrime require sustained effort, including public awareness, improved security practices, and legislative frameworks that support international cooperation.
Operation Ramz also sends a strong deterrent message to cybercriminals operating in the region. The participation of 13 countries demonstrates that law enforcement is watching and willing to act. As the digital economy continues to grow, such operations will become more frequent and more sophisticated. The private sector's role will be crucial in providing real-time data and forensic support to law enforcement agencies that may lack advanced cyber capabilities.
Source: SecurityWeek News