HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Operation Ramz Dismantles MENA Cybercrime Infrastructure – 201 Arrests, 382 Suspects Identified

INTERPOL’s Operation Ramz, spanning 13 MENA countries, seized 53 malicious servers, disrupted phishing‑as‑a‑service platforms and arrested 201 cybercriminals, highlighting supply‑chain threats that third‑party risk managers must monitor.

LiveThreat™ Intelligence · 📅 May 19, 2026· 📰 securityaffairs.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Operation Ramz Dismantles MENA Cybercrime Infrastructure – 201 Arrests, 382 Suspects Identified

What Happened – INTERPOL coordinated a 13‑country operation (Oct 2025 – Feb 2026) that seized 53 malicious servers, disrupted phishing‑as‑a‑service, malware‑hosting and fraud infrastructures across the Middle East and North Africa, resulting in 201 arrests and the identification of 382 additional suspects.

Why It Matters for TPRM

  • Large‑scale takedowns expose the breadth of supply‑chain‑level cybercrime that can affect any third‑party service provider operating in the region.
  • The operation highlights the importance of continuous monitoring of malicious infrastructure that may be leveraged against vendors or their customers.
  • Collaboration between law‑enforcement and private‑sector threat intel firms (Group‑IB, Kaspersky, Trend Micro, etc.) demonstrates a model for proactive TPRM threat‑intel sharing.

Who Is Affected – Financial services, telecoms, e‑commerce, government agencies, and any organization that relies on third‑party SaaS or cloud services in the MENA region.

Recommended Actions

  • Review contracts with vendors that have a footprint in the MENA region for cyber‑risk clauses.
  • Validate that your suppliers employ threat‑intel feeds and have incident‑response processes for phishing‑as‑a‑service attacks.
  • Incorporate the list of seized indicators (domains, IPs, hashes) into your blocklists and continuous monitoring tools.

Technical Notes – The operation targeted phishing‑as‑a‑service platforms, compromised servers used for malware distribution, and fraudulent investment‑scheme infrastructure. No specific CVE was disclosed; the primary vectors were phishing emails, credential harvesting, and malicious server hosting. Source: Security Affairs

📰 Original Source
https://securityaffairs.com/192357/cyber-crime/massive-mena-cybercrime-operation-ramz-disrupts-infrastructure-and-arrests-201-suspects.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →