Interpol coordinated its first cybercrime crackdown across the Middle East and North Africa (MENA), resulting in 201 arrests and the identification of a further 382 suspects.
The effort, which ran from October 2025 to February 2026, involved efforts from 13 countries in the region and aimed to investigate and neutralize malicious infrastructure, apprehend the perpetrators behind these activities, and prevent future losses.
Interpol said in a statement: “This operation focused on neutralizing phishing and malware threats and combating cyber fraud that causes significant damage to the region.” “In addition to the arrests, 3,867 victims were identified and 53 servers were seized.”
The operation, codenamed “Ramz,” disrupted a phishing-as-a-service (PhaaS) operation by Algerian authorities after seizing servers, computers, mobile phones, and hard drives containing phishing software and scripts. One suspect was arrested in connection with the scheme.
Elsewhere, Moroccan authorities seized computers, smartphones and external hard drives containing banking data and software used in phishing operations.
Authorities also determined that a legitimate server located in a private residence in Oman contained sensitive information. The server had multiple critical security vulnerabilities and was infected with malware. Interpol said steps were taken to disable the server.
In a similar case, compromised devices were discovered in Qatar, but the owners themselves were unaware that their systems were being used to spread “malicious threats.” The exact nature of these threats has not been disclosed, but affected machines have been secured and device owners have been warned to take appropriate security measures.
Finally, Jordanian police identified the computer used to carry out the financial fraud. The computer tricked unsuspecting users into investing their assets in a seemingly legitimate trading platform, only to stop once the funds were deposited.
“The investigation identified 15 individuals who perpetrated the fraud, who investigators determined were victims of human trafficking who were recruited from their Asian home countries under false promises of employment,” Interpol said in a statement.
“Upon arrival in Jordan, their passports were confiscated and they were forced or forced to participate in the scheme. Two individuals suspected of orchestrating the scheme were arrested.”
Group-IB, one of the private companies involved in the effort, said it provided “actionable intelligence” on more than 5,000 compromised accounts, including those associated with government infrastructure, and shared details about active phishing infrastructure across the region.
Joe Sander, CEO of Team Cymru, said: “Cybercrime knows no borders, and the only effective response is one that also knows no borders.” “Operation Rams is just such a response, where law enforcement and trusted private sector partners share information and act in concert to dismantle the infrastructure that criminals rely on.”
Countries participating in Operation Rams include Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE.
Series of law enforcement actions
The arrests came against the backdrop of a series of law enforcement actions announced by Germany and the US Department of Justice (DoJ) in recent weeks.
Thomas Szabo (also known as Plank, Jonah, and Cypher), 27, of Romania, was sentenced to 48 months in prison for his role as the ringleader of an online swatting ring that targeted more than 75 public officials, four religious groups, and multiple journalists. Following his arrest in Germany last week, Owe Martin Andresen (also known as Speedstepper), the alleged main administrator of the illegal darknet market Dream Market, has been indicted on money laundering charges. On the Spanish island of Mallorca, a rebooted version of the Crimenetwork marketplace (originally demolished in December 2024) has been shut down and its suspected administrator, a 35-year-old German national, has been arrested. A federal jury has convicted Sohaib Akhter, 34, of Alexandria, Virginia, of deleting 96 databases storing U.S. government information and stealing the plaintext passwords of individuals who filed complaints on the Equal Employment Opportunity Commission’s public portal. Alan Bil, 33, of Bratislava, manager of Slovakia’s Kingdom Market, was sentenced to 200 months (over 16 years) in prison after pleading guilty in early January to conspiracy to distribute controlled substances, illegal substances, stolen financial data, false documents and malware. David Jose Gomez Segarra, 25, of Venezuela, was sentenced to time-limited execution and to pay a total of $294,820 in damages in connection with a series of ATM jackpot incidents that occurred in New York, Massachusetts, and Illinois from October 5, 2024 to November 11, 2024. Marlon Ferro (aka Goth Ferrari), 20, of Santa Ana, California, was sentenced to 78 months in prison in connection with a social engineering conspiracy that stole more than $250 million in virtual currency from victims across the United States between late 2023 and early 2025.
“this [social engineering] “This scheme combined sophisticated online fraud with old-fashioned robbery to exfiltrate millions of dollars in digital assets from victims,” said U.S. Attorney Jeanine Ferris Pirro.
“The operatives of this conspiracy typically targeted individuals believed to hold large amounts of cryptocurrencies. Its members manipulated victims into relinquishing access to their digital wallets through elaborate fraud schemes. Companies turned to Ferro when victims stored their cryptocurrencies in hardware wallets, physical devices that cannot be accessed remotely.”
Source link
