Overview
- Group-IB disclosed on June 11 that a coordinated INTERPOL effort led to the arrest in Algeria of the suspected SniperDz developer and the seizure of active hardware used to run the service.
- The law-enforcement action was part of Operation Ramz, which ran from October 2025 to February 2026 and produced 201 arrests, 53 server seizures, about 382 suspects identified, and 3,867 victims flagged.
- SniperDz operated since at least 2015 as a phishing-as-a-service that hosted roughly 20,000 domains, offered about 80 ready-made templates in five languages, and impersonated some 30 major online brands.
- Investigators traced the operator after finding video tutorials that exposed admin panels and backend emails and after mapping recruitment channels on Telegram and Facebook that linked affiliates to the platform.
- Group-IB has shared nearly 8,000 intelligence artefacts with participating countries, a move that officials say will support follow-up prosecutions, victim remediation and ongoing cross-border investigations, including probes into scams that used forced labour.