Law-enforcement organizations from 13 countries in the Middle East and northern Africa (MENA) worked with Interpol and cybersecurity firms to conduct a five-month series of investigations, leading to the identification of nearly 583 suspected cybercriminals throughout the Arab world, the identification of hundreds of compromised devices used for fraud, and the notification of nearly 4,000 victims.

The effects were wide-ranging: in Qatar, investigators identified compromised devices owned by unsuspecting users, while Jordanian police shuttered an investment fraud ring that used victims of human trafficking from Asia. Investigators in Oman located a compromised server in a private residence, and a provider of phishing-as-a-service was shut down in Algeria. In all, law-enforcement agencies from Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE took part in what was collectively dubbed Operation Ramz.


The law-enforcement actions mark the first time that such a large number of countries in the Islamic region have worked together to investigate and prosecute cybercriminals, according to Interpol.

The operation successfully disrupted criminal organizations, located and took down malicious infrastructure, and led to the arrest of 201 suspects, says Neal Jetton, director of cybercrime at Interpol.

“When we support a cybercrime operation in a specific region for the first time, it’s an opportunity to gauge interest from the member countries taking part,” he says. “We were very happy that 13 countries participated in our coordination meeting held in Doha, Qatar, last year, and subsequently took part in Operation Ramz.”

The action comes as the Middle East has become a target for cybercrime and cyber espionage. The rapid digitization of Gulf nations, significant flow of financial capital through the region, and ongoing conflicts have attracted cybercriminals, hacktivists, and nation-state actors alike. And since the conflict between the US, Israel, and Iran started in February, cyberattacks targeting some countries, such as the United Arab Emirates, have surged to 600,000 probes or attack attempts per day, up from no more than 200,000 prior to the war, according to the UAE Cyber Security Council. Ransomware and financial fraud have both become significant problems in the region too, with credential-spraying attacks surging in Q1 2026, according to Barracuda Networks.

Nations Collaborate Across Borders to Fight Cybercrime


The Operation Ramz collaboration brought together 13 nations and threat intelligence from private partners Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and TrendAI, whose data helped pinpoint sources of illegal cyber activities and identify cybercriminals’ servers and other infrastructure. 

Getting the different groups to work together is a significant accomplishment, says Jacomo Piccolini, vice president of global data partners at Team Cymru, a threat intelligence provider.

“What Operation Ramz demonstrates is that operational cooperation is possible even across a complex geopolitical region when the mission is clear: protect people, identify victims, and disrupt criminal infrastructure,” he says. “Cybercrime does not respect borders or political boundaries, which is exactly why neutral, intelligence-led cooperation matters.”

 

Operation Ramz phones seized by Interpol.

While the actual numbers are not as big as those of other law-enforcement operations in the sub-Saharan region — such as Operation Red Card 2.0 with its 653 arrests and recovery of $4.3 million, or Operation Sentinel, which neutralized African cybercrime syndicates across 19 countries and recovered $3 million — helping government agencies establish channels for threat-intelligence sharing and training them in cybercriminal investigations is important, says Anna Yurtaeva, head of high-tech crime investigations at Group-IB, a cybersecurity provider.


“Beyond enforcement metrics, the operation highlighted growing coordination in regional threat intelligence sharing, infrastructure mapping, indicators of compromise (IoC) correlation, and the coordinated disruption of malicious infrastructure between law enforcement and private cybersecurity partners,” she says. “More importantly, Operation Ramz builds an early foundation for a long-term regional cyber operational framework in MENA.”

Middle East Becomes Tougher on Cybercrime

For the past decade, cybercriminals have operated fairly brazenly across the region, reusing the same infrastructure, phishing toolkits, and operational patterns throughout their campaigns, Yurtaeva says.

“This level of operational reuse suggests that parts of the cybercriminal ecosystem still perceive cyber fraud activity as relatively low-risk compared to traditional forms of organized crime,” she says. “For local law enforcement agencies, operations like Ramz are especially valuable because they help expose broader infrastructure connections and improve visibility into how regional cybercriminal ecosystems evolve and scale across borders.”

Yet, governments in the region are catching up. Cybercrime investigations and prosecutions have become more noticeable, with more suspect arrests and infrastructure takedowns across the region compared with a few years ago, Yurtaeva says. 

The cybercriminal schemes are “rarely confined to one jurisdiction” and disrupting the groups behind the cybercrime requires transnational cooperation, adds Team Cymru’s Piccolini.

“Cybercrime disruption is cumulative — every server seized, victim identified, and suspect mapped makes the ecosystem less anonymous and less resilient,” he says. “The significance is not simply the arrest count. What stands out is the coordination model.”




