Interpol reports its cybercrime operation in the Middle East and North Africa has led to 201 arrests, 382 suspects identified, and 3,867 victims uncovered.
The operation by the name Operation Ramz targeted phishing, malware, and online scams, also resulting in the seizure of 53 servers and nearly 8,000 intelligence pieces shared across 13 countries to strengthen regional cyber cooperation.
In their X post on Monday, the operation brought together law enforcement agencies from 13 countries across the MENA region in a large-scale effort to disrupt malicious cyber infrastructure, identify suspects, and prevent further financial harm to victims.
According to the organisation, the operation ran from October 2025 to February 28, 2026 and focused on dismantling cybercrime networks operating across borders, particularly those involved in fraudulent investment schemes and digital fraud platforms.
Interpol reports that alongside the arrests, authorities identified 382 suspects and documented 3,867 victims affected by cyber scams linked to phishing and malware operations. In addition, 53 servers used to facilitate criminal activity were seized during coordinated raids.
The agency said the operation marked a significant milestone as the first cyber enforcement initiative of its scale coordinated in the MENA region.
“The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” Interpol stated.
During the operation, nearly 8,000 pieces of intelligence were shared among participating countries, enabling investigators to trace criminal infrastructure, support arrests, and strengthen cross-border collaboration.
Interpol noted that the intelligence-sharing system was critical in linking cases across jurisdictions and identifying both suspects and compromised systems used in cybercrime activities.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration,” said Neal Jetton, Interpol’s Director of Cybercrime.
He added that Interpol continues to work with member countries and private sector partners to dismantle malicious networks and bring perpetrators to justice.
Operational findings from Operation Ramz revealed the scale and complexity of cybercrime operations in the region, including phishing-as-a-service platforms, malware distribution systems and fraudulent trading schemes.
In Qatar, investigators identified compromised devices that were unknowingly being used to spread malicious software, with affected systems secured and owners notified of preventive measures.
In Jordan, police tracked a computer used in financial fraud schemes involving fake investment platforms.
A raid uncovered 15 individuals involved in the scams, though investigators determined that many had been victims of human trafficking, coerced into participating after being recruited under false job promises. Two suspected orchestrators were arrested.
In Oman, investigators discovered a server in a private residence containing sensitive data. Although the owner had legitimate access, the system was found to have serious security vulnerabilities, including malware infection, and was subsequently disabled.
In Algeria, authorities dismantled a phishing website offering cybercrime services, seizing digital equipment including servers, computers, mobile phones and hard drives containing malicious software, which ended with one suspect arrested.
In Morocco, police confiscated computers, smartphones and external storage devices containing banking data and phishing tools, with several individuals now undergoing judicial procedures while others remain under investigation.
Interpol also confirmed collaboration with cybersecurity partners including Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and TrendAI, who assisted in tracking illegal online activity and identifying malicious servers.
The operation received support from regional authorities and international partners and was partially funded under the CyberSouth+ initiative.
Interpol reports that Operation Ramz demonstrates the growing importance of international cooperation in addressing cybercrime, as criminal networks increasingly exploit digital platforms across borders to target victims and evade law enforcement.
The Interpol concluded that investigations are ongoing as participating countries continue to pursue remaining suspects and dismantle additional infrastructure linked to the operation.