INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

INTERPOL-led authorities shut down Sniper Dz, a phishing-as-a-service platform that operated for over a decade. Operation Ramz, coordinated across 13 Middle East and North Africa countries between October 2025 and February 2026, resulted in 201 arrests, including Guedz, the platform's administrator.

Sniper Dz functioned as a rental service for phishing attacks. Operators paid fees to access the platform's infrastructure, tools, and victim databases rather than developing phishing campaigns independently. This model lowered barriers to entry for cybercriminals with minimal technical skills, enabling mass-scale credential theft and financial fraud.

Group-IB disclosed the operation details Thursday. The platform caused documented financial losses across the MENA region and beyond. Law enforcement focused on dismantling both the technical infrastructure and the criminal network operating it.

Phishing-as-a-service platforms represent a persistent threat to organizations globally. They commodify attack capabilities, allowing criminals to target employees at scale without building custom malware or social engineering expertise. Victims typically lose login credentials, banking information, or access to corporate systems. Attackers then sell stolen data, conduct account takeovers, or pivot into broader network compromises.

The coordinated nature of Operation Ramz demonstrates law enforcement's expanding capability to pursue cybercriminals across borders. Thirteen-country cooperation required sharing intelligence, coordinating arrests, and potentially sharing evidence for prosecution. MENA-focused operations address a region where financial cybercrime remains particularly prevalent.

Organizations should treat phishing infrastructure takedowns as temporary disruptions rather than permanent solutions. Operators migrate to new platforms, rebrand services, or operate more covertly after high-profile arrests. Email security controls, employee training, and multi-factor authentication remain essential defenses against phishing attacks regardless of which platform