What Happened
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary
Why It Matters
The report describes INTERPOL’s Operation Ramz, in which Group-IB intelligence helped identify and dismantle Sniper Dz, a long-running phishing-as-a-service (PhaaS) platform active since at least 2015. The platform used more than 20,000 domains and around 80 phishing templates to target users of 30+ major online services, and the operation led to 201 arrests and the seizure of infrastructure across 13 MENA countries.[1][2][3] The article states that the platform, administered by an individual known as "Guedz," provided turnkey phishing kits, hosting, and operational support to cybercriminals via Telegram and Facebook channels, significantly lowering the technical barrier for large-scale credential theft.[1][2][3] From a CyberSE.AI perspective, this illustrates malicious service-style infrastructure that could readily be augmented by or integrated with AI (for targeting, content generation, and automation), so AI-enabled defenses must assume adversaries have access to scalable, service-based cybercrime ecosystems. Organizations should use Continuous AI Red Teaming to test how their AI agents and workflows withstand phishing and social-engineering campaigns modeled on PhaaS operations, and apply
CyberSE Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html