INTERPOL Operation Ramz Dismantles Decade-Long SniperDz PhaaS Platform; Developer 'Guedz' Arrested in Algeria After 9-Year Run

INTERPOL, Group-IB, and the Algerian National Police arrested the primary developer and administrator of SniperDz (alias Guedz) — a phishing-as-a-service platform active since 2015 that distributed 80 phishing templates in five languages across 20,000+ domains impersonating PayPal, Facebook, Netflix, and Steam, collecting over 45,000 documented victim records. Operation Ramz (October 2025–February 2026) spanned 13 MENA countries, resulting in 201 arrests, 53 servers seized, 382 suspects identified, and 3,867 victims documented; the platform had rebranded multiple times as Joker Dz, Storm Dz, and Spam Dz to evade detection. The takedown represents the third major INTERPOL cybercrime enforcement action of 2026, following Operation Synergia III and Operation Red Card 2.0, signaling sustained LE pressure on PhaaS infrastructure.

The takedown represents the third major INTERPOL cybercrime enforcement action of 2026, following Operation Synergia III and Operation Red Card 2.0, signaling sustained LE pressure on PhaaS infrastructure.

This intelligence brief has been compiled from open-source reporting and corroborated across multiple threat intelligence sources. Defenders should treat the medium severity rating as a guide to prioritization within their environment.

For the latest indicators of compromise, formatted SIEM queries, and unredacted actor intelligence related to this brief, DMZ Operator subscribers receive automated IOC packages via email the moment new advisories are published.