Group-IB, a leading developer of cybersecurity technology for preventing, investigating and combating digital crime, reports that it contributed to the INTERPOL-led Operation Ramz—one of the first large coordinated cybercrime actions across the Middle East and North Africa (MENA).
Conducted between October 2025 and February 2026, the operation targeted phishing infrastructure, malware and cyberfraud that caused significant financial and personal harm to individuals and organizations across the region.
The operation spanned 13 MENA countries and resulted in the arrest of 201 people, while an additional 382 suspects were identified. Investigators also identified 3,867 victims, seized 53 servers and exchanged nearly 8,000 intelligence records among participating countries to support ongoing and future investigations.
As part of the effort, Group-IB provided intelligence on more than 5,000 compromised accounts, including credentials tied to government infrastructure. This information gave investigators clearer insight into the scale of credential compromise across the region.
Group-IB analysts also discovered and mapped active phishing infrastructure throughout the MENA region. Their analysis revealed two distinct clusters of threat actors: those who built and deployed phishing resources and those who sold and distributed stolen data. Actor-focused threat intelligence helped strengthen the overall impact of the operation.
Fraud, malware and phishing infrastructure uncovered
Operation Ramz exposed several types of cybercriminal activity across the region.
In Qatar, investigators found compromised devices whose owners had themselves been victims of cyberattacks and were unaware their systems were being used to distribute malicious tools. The affected systems were secured and owners were advised on necessary protective measures.
In Jordan, authorities dismantled a fraud operation posing as a legitimate trading platform. The inquiry revealed that 15 individuals carrying out the fraud were themselves victims of human trafficking: recruited from Asian countries with false promises of work, had their passports confiscated on arrival, and were forced to participate in the scheme. Two people suspected of organizing the operation were arrested.
In Oman, a server located in a private residence was found to contain sensitive information. Although the owner had legitimate access, investigators discovered serious security gaps including an active malware infection; the server was taken offline to prevent further harm.
In Algeria, a phishing-as-a-service platform was identified and shut down. One suspect was arrested and hardware containing phishing software and scripts was seized.
In Morocco, authorities seized computers and external hard drives containing banking data and phishing tools, and three people faced legal action.
“The MENA region has seen a sharp rise in phishing and fraud infrastructure targeting financial platforms, government bodies and individual victims. Operation Ramz demonstrates what coordinated, intelligence-led efforts can achieve,” said Dmitry Volkov, CEO of Group-IB.
“In a world where cybercriminals exploit the borderless digital landscape, Operation Ramz highlights the effectiveness of global collaboration. INTERPOL remains committed to working with member countries and private partners to dismantle malicious infrastructure and bring cybercriminals to justice,” said Neal Jetton, head of cybercrime at INTERPOL.
Public-private cooperation remains essential
Group-IB has long-standing partnerships with international law enforcement organizations such as INTERPOL, Europol and AFRIPOL, providing threat intelligence and investigative support for global cybercrime inquiries.
Through its network of Digital Crime Resistance Centers (DCRC), regional expertise and advanced threat and fraud intelligence, the company turns technical indicators into operational leads that support coordinated actions against cybercrime.
As cybercrime grows in sophistication and scale, public-private collaboration is increasingly recognized as a crucial factor for identifying emerging threats, dismantling criminal infrastructure and strengthening cyber resilience both in the MENA region and globally.
About Group-IB
Founded in 2003, Group-IB is a leading provider of predictive cybersecurity technologies used to investigate, prevent and fight digital crime worldwide. Headquartered in Singapore, Group-IB operates Digital Crime Resistance Centers across the Americas, Europe, the Middle East and Africa, Central Asia and the Asia-Pacific. The company delivers predictive, intelligence-driven defense by analyzing and neutralizing regional and country-specific cyber threats through its Unified Risk Platform. Its product portfolio includes Cyber Fraud Intelligence, Cloud Security Posture Management, Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection and External Attack Surface Management solutions, serving government agencies and sectors such as retail, healthcare, gaming and financial services. Group-IB collaborates with international law enforcement bodies to strengthen global cybersecurity and has been recognized by advisory firms including Datos Insights, Gartner, Forrester, Frost & Sullivan and KuppingerCole.