INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html
Publish Date: 2026-06-12 04:52:00
Source Domain: thehackernews.com
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday.
The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests.
Included among them was Guedz, the primary developer and administrator of Sniper Dz, a PhaaS service that’s said to have collected more than 45,000 victim records. The arrest was made by the Algerian National Police. Over the years, the platform rebranded itself as Joker Dz, Storm Dz, and Spam Dz.
As part of Operation Ramz, the website used to offer PhaaS capabilities to other cybercriminals was taken down. Authorities also seized hardware containing phishing software and scripts.
“Active since at least 2015, Sniper Dz evolved into a sophisticated criminal platform offering ready-made phishing kits, hosting infrastructure, and operational support to cybercriminals,” the Singapore-headquartered cybersecurity company said.
In the years since then, more than 20,000 unique domains associated with the PhaaS service have been identified. The toolkit primarily targeted 30 major global organizations, including PayPal, Facebook, Instagram, Yahoo, Netflix, and Steam, using 80 phishing templates deployed in five languages, including Arabic, English, French, Spanish, and Hebrew.
Phishing campaigns using Sniper Dz singled out users of technology, social media, and streaming platforms across several geographies by impersonating popular brands and government entities using convincing imitation websites with the goal of harvesting credentials, personal information, and other sensitive data.
“Beyond traditional credential theft, the platform also leveraged social engineering techniques that exploited the popularity and credibility of public figures across the Middle…
