What does the INTERPOL cybercrime operation in the MENA region mean for cross-border investigations?

INTERPOL has announced that a major cybercrime operation coordinated with Singapore has resulted in 201 arrests and the identification of a further 382 suspects across the Middle East and North Africa (MENA) region.

The operation, known as Operation Ramz, involved law enforcement authorities across 13 countries and focused on disrupting phishing networks, financial crime scams and malicious cyber infrastructure.

This development highlights the increasing levels of international coordination between law enforcement agencies in cybercrime and financial crime investigations, particularly where cross-border digital infrastructure and international asset tracing are involved.

What was INTERPOL’s Operation Ramz?

This operation was launched to tackle cybercrime and included the participation of thirteen countries from the Middle East and North Africa. The investigation aimed to uncover and disrupt malicious infrastructure, identify and arrest suspects and prevent future losses.

Operational highlights spanned numerous jurisdictions, including:

• Qatar – where intelligence led to the identification of compromised devices;
• Jordan – where the police pinpointed the location of a computer being used to run financial crime scams;
• Oman – where police identified a server in a private residence that contained sensitive information;
• Algeria – where a website offering phishing as a service was identified and dismantled; and
• Morocco – where authorities seized computers, smartphones and external hard drives containing banking data and software used for phishing operations.

Neal Jetton, INTERPOL’s Director of Cybercrime, said:

“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice”.

Why is INTERPOL increasing its cybercrime operations in the MENA region?

Cybercrime investigations increasingly involve multiple jurisdictions, decentralised infrastructure and rapidly moving digital assets, making international cooperation essential for effective enforcement action. Phishing operations, ransomware attacks, online fraud, cryptocurrency-related offending and large-scale data breaches are rarely confined to a single country, with suspects, servers, victims and financial flows often spread across numerous jurisdictions simultaneously.

As a result, INTERPOL and national law enforcement authorities have continued to expand intelligence-sharing arrangements, coordinated operational activity and cross-border investigative tools designed to identify suspects, disrupt criminal infrastructure and trace illicit proceeds. The growing use of international mechanisms such as INTERPOL-led cybercrime operations and Silver Notices also reflects the increasing global focus on financial crime, digital assets and international asset recovery.

Can INTERPOL issue notices in cybercrime investigations?

Individuals involved in international cybercrime, fraud or financial investigations may also become subject to INTERPOL measures, including Red Notices, Blue Notices or diffusions where participating jurisdictions seek international cooperation.

Our perspective

In our experience, international cybercrime investigations increasingly involve cooperation between multiple jurisdictions, particularly where financial fraud, phishing operations, cryptocurrency tracing or cross-border digital infrastructure are involved.

While operations such as Operation Ramz focus on organised criminal activity, international investigations can also affect company directors, employees, business partners or individuals who become connected to wider cross-border enquiries.

As international cooperation expands, individuals may face asset freezing measures, extradition proceedings or INTERPOL-related requests even where allegations originate overseas.

Frequently Asked Questions about INTERPOL cybercrime investigations

Can INTERPOL investigate cybercrime?

INTERPOL supports member countries in coordinating international cybercrime investigations, sharing intelligence and disrupting cross-border criminal infrastructure. Investigations themselves are conducted by national law enforcement authorities, often with INTERPOL coordination and support.

Can cybercrime allegations lead to an INTERPOL Red Notice?

Potentially, yes. Where a country seeks the location or arrest of an individual in connection with alleged cybercrime, fraud or financial offences, it may request INTERPOL cooperation measures, including a Red Notice or diffusion request.

What is the difference between an INTERPOL Red Notice and a Blue Notice?

A Red Notice is generally used to seek the location and provisional arrest of an individual pending extradition. A Blue Notice is used to collect additional information about a person’s identity, activities or location during an investigation.

Can business disputes lead to INTERPOL issues?

In some cases, commercial or financial disputes may escalate into criminal allegations in certain jurisdictions. This can create international legal risks where local authorities seek cross-border enforcement assistance through INTERPOL mechanisms.

How Gherson can help

Those who suspect that they may be subject to INTERPOL measures, including a Red (or Blue) Notice and diffusion, should take heed.

Gherson Solicitors continue to receive requests for expert advice and assistance from those who believe they may have outstanding financial issues. That advice tackles:

1. How best to approach a possible INTERPOL notice;
2. Preparing for potential criminal proceedings / an extradition request;
3. Preparing for a situation where a civil matter or commercial dispute could be used to initiate bogus criminal proceedings; and
4. Even exploring the possibility of instigating civil litigation proceedings to recover any misappropriated assets.

Gherson has over 37 years of experience in assisting with all aspects of INTERPOL, Red Notice challenges and extradition. If you would like to speak to us in respect of any of the issues raised in this blog or about your specific circumstances, do not hesitate to contact us for advice, send us an e-mail, or alternatively, follow us on X, Facebook, or LinkedIn to stay-up-to-date.

The information in this blog is for general information purposes only and does not purport to be comprehensive or to provide legal advice. Whilst every effort is made to ensure the information and law is current as of the date of publication it should be stressed that, due to the passage of time, this does not necessarily reflect the present legal position.Gherson accepts no responsibility for loss which may arise from accessing or reliance on information contained in this blog. For formal advice on the current law please do not hesitate to contact Gherson. Legal advice is only provided pursuant to a written agreement, identified as such, and signed by the client and by or on behalf of Gherson.

©Gherson 2026