Team Cymru, vendor of external threat intelligence and internet visibility, announced its role as a private-sector partner in Operation Ramz, a first-of-its-kind cybercrime operation in the Middle East and North Africa (MENA) region coordinated by INTERPOL. Running from October 2025 to 28 February 2026, the operation brought together law enforcement agencies from 13 countries to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent further victimisation across the region.
Working alongside INTERPOL and fellow private-sector partners Group-IB, Kaspersky, the Shadowserver Foundation and TrendAI, Team Cymru contributed threat intelligence and internet-scale visibility to help participating countries track illegal cyber activities and identify malicious servers underpinning phishing, malware and large-scale cyber scams targeting the region.
Operation Ramz marked the first cyber operation of its scale coordinated by INTERPOL in the MENA region. Team Cymru’s support reflects its long-standing commitment to working with law enforcement worldwide, providing external threat intelligence and internet-scale telemetry needed to map adversary infrastructure, attribute malicious activity, and convert technical signals into operationally actionable leads. Through partnerships of this kind, Team Cymru helps make it harder, more expensive and riskier for cybercriminals to operate.
“Cybercrime is borderless, and the only effective response is one that is equally borderless. Operation Ramz is exactly that kind of response, law enforcement and trusted private-sector partners pooling intelligence, moving in concert, and dismantling the infrastructure that criminals depend on,” said Joe Sander, CEO, Team Cymru. “We are proud to have supported INTERPOL and the 13 participating MENA countries with the visibility needed to turn data into action, and we will continue investing in the partnerships that protect victims and hold offenders to account.”
Operation Ramz resulted in the arrest of 201 individuals, while authorities identified an additional 382 suspects. Investigators also identified 3,867 victims across participating jurisdictions and seized 53 servers during the operation. Nearly 8,000 pieces of data and intelligence were shared among participating countries to support and initiate investigations. The operation involved 13 participating countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates.
The operation focused on neutralising phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region. Operational highlights released by INTERPOL include the dismantling of a phishing-as-a-service website in Algeria, the seizure of phishing tooling and banking data in Morocco, the disruption of a fraudulent investment platform in Jordan, where 15 individuals working the scams were determined to be victims of human trafficking, remediation of compromised devices in Qatar, and take-down of a vulnerable server hosting sensitive information in Oman.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration,” said Neal Jetton, director of cybercrime at INTERPOL. “INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice.”
