June 2026 — An international law enforcement operation coordinated by INTERPOL has dismantled the Sniper Dz phishing platform, a long-running cybercrime service responsible for large-scale phishing campaigns targeting users across the Middle East and North Africa (MENA).
The operation, codenamed Operation Ramz, resulted in 201 arrests across 13 countries in the region. Among those arrested was the platform’s alleged primary developer, known online as “Guedz,” who was apprehended by the Algerian National Police.
Sniper Dz, also known as Joker Dz and Storm Dz, was far from a small cybercrime operation. Active for nearly a decade, it was linked to more than 140,000 phishing websites and maintained a Telegram channel with over 7,000 subscribers, where tutorials and guidance were provided to aspiring cybercriminals.
The platform operated as a Phishing-as-a-Service (PhaaS) ecosystem, allowing individuals with little technical expertise to launch phishing campaigns using ready-made tools and infrastructure. Unlike many criminal services that charge subscription fees, Sniper Dz reportedly offered its services free of charge. Instead, its operators generated revenue through a “double theft” model by secretly collecting credentials stolen by their own affiliates, while also forcing victims into premium SMS subscriptions and carrier billing fraud schemes.
Investigators found that the platform enabled phishing attacks impersonating more than 30 organizations and online services, including Facebook, PayPal, Netflix, and Algérie Télécom. Victims were typically lured through fake advertisements, fraudulent marketplace listings, phishing links, and deceptive browser notifications.
A common tactic involved tricking users into clicking “Allow” on browser notification requests. Once permission was granted, attackers could continuously send fraudulent alerts and advertisements, creating a persistent channel for scams and monetization. The operators also used public proxy servers to help distribute phishing content and bypass certain filtering mechanisms.
The investigation highlights the growing sophistication of modern cybercrime, where platforms provide tools, infrastructure, and support that lower the barriers to entry for criminals. By transforming phishing into a service-based business model, operations such as Sniper Dz can scale attacks across multiple countries and thousands of victims.
Through Operation Ramz, authorities disrupted the platform’s infrastructure, gathered intelligence on associated criminal activity, and coordinated enforcement actions across multiple jurisdictions. While the takedown represents a significant success for law enforcement, it also serves as a reminder that phishing remains one of the most effective forms of cybercrime and that user awareness remains a critical line of defense.