
Operation Ramz, a coordinated international law enforcement initiative, dismantled SniperDz, a prolific Phishing-as-a-Service (PhaaS) platform that had operated for approximately one decade. Conducted between October 2025 and February 2026, the operation targeted the platform's core infrastructure and its extensive affiliate network across the Middle East and North Africa (MENA) region. The campaign resulted in the arrest of the primary developer and administrator, "Guedz," along with 201 affiliates. This takedown neutralizes a significant source of scalable phishing payloads and credential harvesting capabilities that have historically facilitated widespread identity theft and financial fraud.

  • Incident Overview: Operation Ramz

    • Coordinated international law enforcement initiative led by INTERPOL and threat intelligence firm Group-IB.
    • Execution window spanned from October 2025 through February 2026.
    • Collaborative effort involving law enforcement agencies from 13 MENA (Middle East and North Africa) countries.
  • Threat Actor Profile: The SniperDz Ecosystem

    • Functioned as a highly resilient Phishing-as-a-Service (PhaaS) platform.
    • Operated under the administration of a primary developer known as "Guedz."
    • Provided specialized infrastructure for affiliates to execute large-scale credential harvesting and social engineering attacks.
  • Operational Mechanics: Long-Term Phishing Capability

    • Maintained continuous operational availability for approximately 10 years.
    • Facilitated scalable phishing campaigns through a subscription-based service model.
    • Leveraged specialized toolsets to automate the deployment of malicious landing pages and data exfiltration.
  • Law Enforcement & Impact: Massive Disruption

    • Resulted in the arrest of 201 individuals, including the platform's primary administrator.
    • Effectively dismantled the centralized SniperDz PhaaS infrastructure.
    • Involved critical intelligence support from the Algerian National Police and regional partners.
  • Conclusion: Strategic Defensive Implications

    • Neutralization of a decade-old supply chain for phishing-related cybercrime.
    • Highlights the necessity of cross-sector cooperation between INTERPOL and private intelligence firms.
    • Temporary reduction in the availability of professionalized PhaaS tooling within the MENA region.
