INTERPOL Operation Ramz Seizes 53 Phishing & Malware Servers Across MENA, Arrests 200+ Cybercriminals
What Happened – INTERPOL’s “Operation Ramz” targeted cyber‑crime infrastructure in the Middle East and North Africa, resulting in the seizure of 53 servers used for phishing, malware distribution and online fraud and the arrest of more than 200 individuals. Intelligence gathered from the seized equipment identified 3,867 confirmed victims and 382 additional suspects in 13 countries.
Why It Matters for TPRM –
- Large‑scale takedowns demonstrate that threat actors leverage shared infrastructure that can be repurposed for any third‑party vendor.
- The operation highlights the importance of continuous monitoring of external IPs and domains that could be abused against your supply chain.
- Collaboration between law‑enforcement and private cyber‑security firms can surface hidden risks that traditional vendor assessments miss.
Who Is Affected – Financial services, e‑commerce, SaaS providers, telecom operators, and any organization with customers or partners in the MENA region that may have been exposed to the compromised servers.
Recommended Actions –
- Review any third‑party relationships that route traffic through the listed MENA jurisdictions.
- Validate that DNS and email filtering controls block known malicious domains/IPs associated with the seized servers.
- Incorporate threat‑intel feeds from INTERPOL operations into your continuous monitoring program.
Technical Notes – The seized infrastructure hosted phishing‑as‑a‑service platforms, malware drop sites, and compromised banking data. Attack vectors were primarily phishing emails and malicious web redirects. No specific CVEs were disclosed. Source: BleepingComputer