INTERPOL operation nets 201 arrests in MENA

INTERPOL said on May 18 that a five-month cybercrime operation across the Middle East and North Africa led to 201 arrests and the identification of 382 additional suspects. The operation, called Ramz, ran from October 2025 to February 28, 2026 and involved police agencies in 13 countries, according to an INTERPOL statement published Monday. The agency said investigators also identified 3,867 victims and seized 53 servers during what it described as the first cyber operation of that scale coordinated by INTERPOL in the region. The effort targeted phishing, malware activity and cyber scams that caused financial losses across multiple jurisdictions. ### Which countries took part in the operation? INTERPOL said 13 countries joined Operation Ramz: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. The agency said nearly 8,000 pieces of data and intelligence were shared among those countries to open and support investigations. Private-sector partners including Kaspersky, Team Cymru, Group-IB, the Shadowserver Foundation and Trend Micro or TrendAI were cited in related statements as contributors of technical intelligence and infrastructure visibility. (interpol.int) ### What did investigators say they were trying to disrupt? Operation Ramz focused on malicious infrastructure tied to phishing campaigns, malware distribution and online fraud, according to INTERPOL. The agency said the goal was to investigate and disrupt infrastructure, identify and arrest suspects, and prevent further losses. INTERPOL’s cybercrime program says it typically concentrates on threats such as ransomware, malware attacks, online scams and business email compromise, and uses its Cyber Fusion Centre to gather and share threat intelligence with member countries. (interpol.int) ### What examples did INTERPOL give from individual countries? Jordanian police traced a computer used in financial fraud scams tied to what victims believed was a legitimate trading platform, INTERPOL said. The agency said a raid found 15 people carrying out the scams, but investigators concluded they were human-trafficking victims who had been lured from Asian home countries with false job offers. Kaspersky said two people suspected of orchestrating that Jordan-based operation were arrested. (interpol.int) Qatari investigators identified compromised devices whose owners were unaware their systems were being used to spread malicious threats, according to INTERPOL. The agency said the devices were secured and the owners were told to take preventive steps. Team Cymru’s statement added other examples released by INTERPOL, including the dismantling of a phishing-as-a-service website in Algeria, the seizure in Morocco of phishing tools and banking data, and the takedown in Oman of a vulnerable server hosting sensitive information. (interpol.int) ### Why did INTERPOL emphasize private-sector support? Neal Jetton, INTERPOL’s director of cybercrime, said in the agency’s statement that Operation Ramz showed the value of cross-border cooperation against criminals who operate without borders. INTERPOL’s cybercrime guidance says the organization relies on private-sector companies because they can provide technical data that helps investigators connect infrastructure, victims and suspects across jurisdictions. (interpol.int) Kaspersky and Team Cymru both said they supplied threat intelligence on malware infrastructure and command-and-control systems used in the operation. ### What comes next after the arrests? INTERPOL’s May 18 statement did not give court dates, charges or extradition steps for the 201 people arrested. The agency said the intelligence shared during the operation was used to initiate and support investigations, indicating that cases remain active in participating countries. INTERPOL’s public news page and partner releases published on May 18 are the main official sources so far for the operation’s scope, country list and operational examples. (interpol.int)