[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffnqdx9zcccuo6wODGY2z-XNQpNN23e168daEuvgrQPM":3},{"article":4,"iocs":51},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"2082ac4c-663a-4b31-babb-47bea7f71d5f","Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz","decade-long-sniperdz-phishing-network-disrupted-in-operation-ramz-43e7f3","Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.","An international operation involving Group-IB, INTERPOL, and Algerian Police has dismantled SniperDZ, a decade-old Phishing-as-a-Service (PhaaS) network. The network, which offered 80 phishing templates for free via Telegram and Facebook, targeted over 30 popular platforms and was used to steal credentials and personal data. The alleged developer, known as Guedz, was arrested in Algeria as part of Operation Ramz, which also led to 201 arrests across 13 nations.","SniperDZ phishing network dismantled, alleged developer arrested in Operation Ramz.","Cyber Crime Phishing Scam SecurityDecade-Long SniperDz Phishing Network Disrupted in Operation Ramz Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested. byDeeba AhmedJune 11, 20263 minute read In a collective operation, Group-IB, INTERPOL, and the Algerian National Police have dismantled SniperDZ, an online Phishing-as-a-Service (PhaaS) network that helped hackers steal user data for nearly ten years. Operating via Telegram and Facebook channels, SniperDz allowed anyone, even novice hackers, to use its toolkit of 80 ready-made phishing templates for free to create fake login pages and trick people into giving away their login credentials (usernames – passwords) and other personal data. The phishing platform allowed scammers to target users on around 30 popular platforms, including PayPal, Facebook, Instagram, Netflix, and Steam, via more than 20,000 domains. Templates offered in different languages (Source: Group-IB) Tracking the Infrastructure As per the details shared by INTERPOL and Group-IB, this PhaaS network was launched in 2015 but evaded detection for so long because the admins constantly changed its name. The platform was also known as JokerDz, StormDz, and SpamDz. In 2024, Group-IB cybersecurity researchers detected fake Facebook accounts of politicians in the Middle East and North Africa delivering malicious links. These accounts lured users into clicking those links by promising free internet access and gifts. With the support of INTERPOL, slowly, information started emerging; the code’s developer turned out to be a threat actor known online as Guedz. The hacker created a massive vulnerability for himself by producing video tutorials to train affiliate scammers. In those recordings, Guedz failed to mask his active administrator panel and personal backend email addresses, and Group-IB’s analysts used data correlation to trace him using these clues. SniperDZ admin panel Server Disruption and Mitigation Group-IB compiled and shared this data with INTERPOL and the Algerian National Police. This helped Algerian authorities arrest Guedz and seize active hardware containing phishing code and malicious scripts. This raid was part of a broader threat mitigation initiative called Operation Ramz that ran between October 2025 and 28 February 2026. INTERPOL shared its results in a press release on 18 May but didn’t explicitly name the SniperDz network at the time. Group-IB is the first to name the network and share more details on this network in a report published today. “For nearly ten years, SniperDz served as quiet criminal infrastructure, available to anyone with the motivation to use it. The scale of its reach became concrete in 2016, when the platform published statistics showing that campaigns run through its service had already collected more than 45,000 victim records. That figure represented only the activity captured at a single point in time, years before the operation was dismantled,” Group-IB revealed. Decade-Long SniperDz Phishing Network on Telegram (Image credit: Hackread.com) About Operation Ramz According to INTERPOL’s press release, Operation Ramz covered 13 nations, including Egypt, Morocco, Jordan, and Qatar, leading to 201 arrests and the seizure of 53 malicious servers. Over 3,867 compromised endpoints and victims were identified. During the mitigation process in Jordan, investigators tracked an investment scam platform run by 15 forced workers. These individuals were victims of human trafficking who had their travel documents withheld and were forced to run the scam scripts. Authorities arrested the two primary operators running that facility. This coordinated shutdown proves that even the most long-standing scam networks eventually fall when international threat intelligence and local law enforcement align. “In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups, and bring perpetrators to justice,” stated INTERPOL’s Director of Cybercrime, Neal Jetton. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts AlgeriaCyber CrimeCybersecurityGroup-IBInterpolJokerDzOperation RamzPhishingSniperDzSpamDzStormDz Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms. byDeeba Ahmed Read More News Cyber Attacks Cyber Crime Cyber Events US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report DDoS attacks have surged by 47% in Q1 2023, according to a StormWall report. byWaqas Security Phishing Scam Scams and Fraud Netflix Users Targeted with yet another sophisticated Phishing Scam If you have a Netflix account you might be at risk of falling prey to a new phishing scam that… byWaqas Read More Security Hacking News SAS Airlines Hit by Cyber Attack The cyber attack took place on Tuesday, February 14th evening, which forced the SAS Airlines’ website and app to go offline and be inaccessible to passengers. byDeeba Ahmed","https:\u002F\u002Fhackread.com\u002Fauthorities-dismantle-sniperdz-phishing-network\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002FSniperDz-phishing-platform-interpol.jpg","2026-06-11T16:18:37+00:00","2026-06-11T18:00:25.956095+00:00",8,[18,21,24,27,29,31],{"name":19,"type":20},"Guedz","threat_actor",{"name":22,"type":23},"SniperDZ","product",{"name":25,"type":26},"Group-IB","vendor",{"name":28,"type":23},"JokerDz",{"name":30,"type":23},"StormDz",{"name":32,"type":23},"SpamDz","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":33,"icon":35,"name":36,"slug":37},null,"Threat Intelligence","threat-intelligence",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",{"category":50},{"id":33,"icon":35,"name":36,"slug":37},[52,54,56,57],{"type":43,"value":22,"context":53},"Name of the phishing network.",{"type":43,"value":28,"context":55},"Alternative name for the SniperDZ phishing network.",{"type":43,"value":30,"context":55},{"type":43,"value":32,"context":55}]