Ethical Hacking News
A recent INTERPOL-led operation has successfully disrupted a decade-long phishing-as-a-service (PhaaS) platform known as Sniper Dz, leading to the arrest of its primary developer and administrator, Guedz. The operation, codenamed Operation Ramz, took place between October 2025 and February 2026 and resulted in 201 arrests across 13 countries in the MENA region.
INTERPOL-led operation, Operation Ramz, successfully dismantled a decade-long phishing-as-a-service (PhaaS) platform known as Sniper Dz. The platform targeted 30 major global organizations in five languages using 80 phishing templates. Sniper Dz offered free infrastructure to cybercriminals, relying on credential theft and victim traffic for monetization. 201 arrests were made, including the primary developer and administrator, Guedz, as part of Operation Ramz. The website used to offer PhaaS capabilities was taken down, along with hardware containing phishing software and scripts. The disruption marks a significant milestone in the fight against cybercrime, demonstrating international cooperation and law enforcement effectiveness.
In a significant blow to cybercrime, an INTERPOL-led operation has successfully dismantled a decade-long phishing-as-a-service (PhaaS) platform known as Sniper Dz. The operation, codenamed Operation Ramz, was a joint effort involving authorities from 13 countries in the Middle East and North Africa (MENA) region.
According to Group-IB, a Singapore-headquartered cybersecurity company, Sniper Dz was first active since at least 2015 and had evolved into a sophisticated criminal platform offering ready-made phishing kits, hosting infrastructure, and operational support to cybercriminals. The platform primarily targeted 30 major global organizations, including PayPal, Facebook, Instagram, Yahoo, Netflix, and Steam, using 80 phishing templates deployed in five languages.
Sniper Dz was notable for its unique business model, where the entire infrastructure was offered for free, making it easier for aspiring cybercriminals to pull off phishing campaigns at scale. The monetization avenues relied on credential theft and victim traffic, with stolen credentials being harvested through phishing campaigns, while users who did not yield credentials could still be redirected into carrier billing fraud, premium SMS subscriptions, browser notification abuse schemes, and other affiliate-driven scam campaigns.
The operation was carried out between October 2025 and February 2026, during which authorities made 201 arrests, including Guedz, the primary developer and administrator of Sniper Dz. The Algerian National Police were instrumental in making the arrest, highlighting the significant role played by law enforcement agencies in combating cybercrime.
As part of Operation Ramz, the website used to offer PhaaS capabilities to other cybercriminals was taken down, along with hardware containing phishing software and scripts. Authorities also seized domain names associated with the platform, further disrupting the operations of Sniper Dz.
Group-IB highlighted that Sniper Dz was a sophisticated criminal platform that evolved over the years, using social engineering techniques to exploit the popularity and credibility of public figures across the MENA region. The threat actors created fake social media accounts impersonating well-known political personalities and used them to promote phishing links disguised as promotional offers or free internet access.
The comprehensive analysis of Sniper Dz by Palo Alto Networks Unit 42 in October 2024 detailed the threat actor's use of a Telegram channel with more than 7,300 subscribers to share tutorial videos and the options it provided to host the phishing pages on its own infrastructure behind a proxy server. This highlighted the importance of cybersecurity measures in protecting against such complex phishing tactics.
The disruption of Sniper Dz marks a significant milestone in the fight against cybercrime, demonstrating the effectiveness of international cooperation and law enforcement efforts in dismantling complex criminal networks. As the threat landscape continues to evolve, it is essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves against such phishing attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Dismantling-a-Decade-Long-Phishing-as-a-Service-The-INTERPOL-Operation-Against-Sniper-Dz-ehn.shtml
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html
Published: Fri Jun 12 05:27:16 2026 by llama3.2 3B Q4_K_M
