INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
INTERPOL Operation Ramz arrests 200+ individuals, seizes 53 malware and phishing servers across MENA region.
Summary
INTERPOL's Operation Ramz resulted in the arrest of over 200 cybercriminals and identification of 382 additional suspects across 13 Middle Eastern and North African countries. Law enforcement seized 53 servers used for phishing, malware distribution, and online fraud that victimized at least 3,867 confirmed victims. The operation, conducted with support from cybersecurity firms including Kaspersky, Group-IB, and TrendMicro, dismantled multiple criminal schemes including investment scams, phishing-as-a-service platforms, and malware distribution networks.
Full text
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers By Bill Toulas May 18, 2026 06:15 PM 0 More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE). In addition to the arrests, authorities seized 53 servers used for phishing, malware, and online fraud that affected at least 3,867 confirmed victims, as determined from nearly 8,000 intelligence packages retrieved from the equipment. “The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” reads the INTERPOL announcement. Seized devices in JordanSource: INTERPOL INTERPOL collaborated with several private cybersecurity firms to track the malicious infrastructure, including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI. Some highlights of ‘Operation Ramz’ include: securing compromised devices unknowingly used to spread malware in Qatar dismantling an investment scam operation in Jordan, where 15 trafficked workers from Asia were forced to run fraud schemes; two organizers were arrested disabling a vulnerable malware-infected server containing sensitive data in Oman shutting down a phishing-as-a-service platform in Algeria and arresting one suspect seizing devices and banking data linked to phishing operations in Morocco, with multiple suspects under judicial investigation This is the third major cybercrime crackdown operation INTERPOL has concluded this year. In March, the authorities announced ‘Operation Synergia III,’ which resulted in sinkholing 45,000 malicious IP addresses, the seizure of 212 devices and servers, and the arrest of 94 individuals across 72 countries, for participating in phishing, hacking, fraud, and malware distribution. Earlier, in February, INTERPOL announced the arrest of 651 suspects across 16 African countries, as part of ‘Operation Red Card 2.0,’ targeting investment fraud, mobile money scams, and fake loan apps linked to more than $45 million in losses. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Student hacked Taiwan high-speed rail to trigger emergency brakesOperation PowerOFF identifies 75k DDoS users, takes down 53 domainsRussia arrests suspected owner of LeakBase cybercrime forumUS charges suspected Dream Market admin arrested in GermanyUK fines water supplier $1.3M for exposing data of 664k customers