An extensive operation orchestrated by INTERPOL has led to the dismantling of the Sniper Dz phishing platform, which had been operational for over a decade as a phishing-as-a-service (PhaaS) provider. This significant initiative, known as Operation Ramz, spanned from October 2025 to February 2026 and involved law enforcement agencies across 13 countries in the Middle East and North Africa (MENA) region. The operation culminated in the arrest of 201 individuals, including the alleged mastermind, Guedz, who was apprehended by the Algerian National Police.
Operation Ramz: A Coordinated Effort
The concerted effort to combat cybercrime, dubbed Operation Ramz, was a collaborative mission that involved multiple nations. The primary objective was to dismantle the Sniper Dz platform, which had transitioned through various aliases such as Joker Dz, Storm Dz, and Spam Dz. This platform was notorious for distributing phishing kits and providing infrastructure to facilitate cybercriminal activities.
As part of this operation, authorities succeeded in taking down the Sniper Dz website, which served as a marketplace for PhaaS capabilities. They also confiscated hardware containing vital phishing software and scripts, effectively crippling the platform’s operational capabilities.
Impact on Global Organizations
Since its inception in 2015, Sniper Dz had evolved into a sophisticated hub for cybercriminals, targeting prominent global organizations like PayPal, Facebook, Instagram, and Netflix. Utilizing over 80 phishing templates in multiple languages, the platform aimed to deceive users into divulging sensitive information such as login credentials and personal data.
The platform’s reach extended to users of various technology and social media platforms, with phishing campaigns that impersonated popular brands and government entities. The intent was to harvest sensitive information by luring unsuspecting victims into interacting with counterfeit websites.
Unique Tactics and Techniques
Sniper Dz distinguished itself in the PhaaS market by offering its comprehensive infrastructure free of charge, thereby lowering the entry barrier for potential cybercriminals. The platform’s monetization strategy relied heavily on credential theft and redirecting victim traffic to fraudulent schemes.
The operation also highlighted the platform’s utilization of social engineering tactics, including the creation of fake social media profiles of well-known figures in the MENA region. These profiles were employed to disseminate phishing links masked as promotional deals or free internet offers.
A detailed analysis by Palo Alto Networks Unit 42 in 2024 shed light on the platform’s operational strategies, including using a Telegram channel with thousands of subscribers to disseminate instructional content. This allowed cybercriminals to efficiently execute phishing campaigns on a large scale.
The dismantling of Sniper Dz marks a significant victory in the fight against cybercrime, showcasing the effectiveness of international cooperation in addressing global threats. Moving forward, it sets a precedent for future operations targeting similar cybercriminal networks.
