INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks, 201 Arrests
What Happened – INTERPOL coordinated a region‑wide crackdown (Oct 2025‑Feb 2026) across 13 MENA countries, dismantling malicious infrastructure and arresting 201 individuals while identifying 382 additional suspects.
Why It Matters for TPRM – • Large‑scale takedowns reduce the pool of active threat actors targeting third‑party vendors. • Shifts in criminal infrastructure can create new attack vectors for supply‑chain partners. • Highlights the importance of monitoring law‑enforcement‑driven threat intel for risk assessments.
Who Is Affected – Financial services, telecom, cloud providers, and any organizations with supply‑chain exposure in the MENA region.
Recommended Actions – Review threat‑intel feeds for emerging actor TTPs linked to the operation, validate that your incident‑response playbooks address the identified infrastructure, and confirm that third‑party risk questionnaires capture law‑enforcement alerts.
Technical Notes – The operation targeted command‑and‑control servers, phishing kits, and credential‑stealing malware used by multiple criminal groups. No specific CVEs were disclosed. Data types compromised in prior campaigns included payment credentials and personal identifying information. Source: The Hacker News