Interpol coordinated an expansive investigation with 13 countries in the Middle East and North Africa to disrupt and take down cybercrime operations, including phishing services and tools, malware and scams. The law enforcement effort netted 201 arrests, led to the seizure of 53 servers and disrupted multiple cybercrime services, Interpol said Monday.

Operation Ramz, which the law enforcement organization said was the first large-scale effort of its kind in the region, also identified 382 suspects over a four-month period ending in February. The collective countermeasures allowed authorities to pin the various malicious activities to nearly 4,000 victims.

“In a world where cybercriminals exploit the digital landscape without borders, Operation Rams demonstrates the effectiveness of global collaboration,” Neal Jetton, Interpol’s director of cybercrime, said in a statement.

Police in Jordan tracked down a computer involved in financial fraud scams and, during a raid, found 15 people carrying out the scams who were later determined to be victims of human trafficking. The victims were recruited under false promises of employment from their home countries in Asia and had their passports confiscated upon arrival in Jordan, officials said. 

A pair of ringleaders behind the operation, who forced or coerced the victims to participate in the scheme, were arrested, according to Interpol. 

Law enforcement agencies in Algeria dismantled a phishing service by seizing a server and other devices linked to the operation. Moroccan authorities also seized multiple devices containing banking data and software for phishing operations.

Officials in Oman remediated a server containing sensitive information that was infected with malware, and compromised by vulnerabilities. Meanwhile, investigators in Qatar identified and secured multiple compromised devices that were being used, unbeknownst to their owners, of spreading malicious threats. 

Authorities involved in the months-long effort gathered almost 8,000 pieces of data that was shared among participating countries to support ongoing investigations.

Operation Ramz was supported by Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. Multiple companies and organizations also helped Interpol track illegal cyber activities and identify malicious servers, including Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and Trend Micro. 

“Interpol is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice,” Jetton said.

The post Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa appeared first on CyberScoop.

An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday.

The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical infrastructure sectors across South Asia, according to conclusions from researchers at Access Now, Lookout and SMEX.

Each group took on a different piece of the puzzle:

• Access Now got calls on its helpline that led it to examine a spearphishing campaign in 2023 and 2024. It contacted Lookout for technical support about the malware it encountered.
• Lookout attributed the malware to Bitter, concluding it was a likely hack-for-hire campaign, using the Android ProSpy spyware.
• SMEX dived into a spearphishing campaign targeting a prominent Lebanese journalist last year, collaborating with Access Now to discover shared infrastructure between the campaigns.

One of the victims, independent Egyptian journalist Mostafa Al-A’sar, said he contacted Access Now after receiving a suspicious link from someone he’d been talking to about a job position. He was skeptical because his phone had been targeted before, when he was arrested in Egypt in 2018.

The lesson for journalists and civil society groups is that cybersecurity “is not a luxury,” he said.

“I feel like I’m threatened,” Al-A’sar said, and even though he was living in exile, he feels like “they are still following me. I also felt worried about my family, about my friends, about my sources.”

The combined research found a wider campaign than just the original victims.

“Our joint findings expose an espionage campaign that has been operational since at least 2022 until present day primarily targeting civil society members and potentially government officials in the Middle East,” Lookout wrote. “The operation features a combination of targeted spearphishing delivered through fake social media accounts and messaging applications leveraging persistent social engineering efforts, which may result in the delivery of Android spyware depending on the target’s device.”

The Committee to Protect Journalists condemned the campaign.

“Spying on journalists is often the first step in a broader pattern of intimidation, threats, and attacks,” said the group’s regional director, Sara Qudah. “These actions endanger not only journalists’ personal safety, but also their sources and their ability to do their work. Authorities in the region must stop weaponizing technology and financial resources to surveil journalists.”

Access Now said it didn’t have enough information to attribute who was behind the attacks it identified.

ESET first published research on the ProSpy malware last year, after finding it targeting residents of the United Arab Emirates.

The post Hack-for-hire spyware campaign targets journalists in Middle East, North Africa appeared first on CyberScoop.