INTERPOL Busts Sniper Dz Phishing Hub, Arrests Suspected Administrator

June 17, 2026 3 min read

International law enforcement agencies have dismantled a major phishing platform and arrested its suspected administrator in an operation coordinated across North Africa. The platform, known as Sniper Dz, sold hacking tools to cybercriminals through a dark web marketplace, enabling mass email fraud and credential theft against thousands of users worldwide.

Operation Targets Major Phishing Infrastructure

Interpol's cybercrime division led the operation alongside law enforcement agencies in North Africa, carrying out the arrests on Thursday in October. The coordinated action resulted in the seizure of servers hosting the platform and the arrest of one suspected administrator, disrupting a service that had operated for months.

The platform functioned as an automated phishing toolkit, allowing users with minimal technical skills to create convincing fraudulent emails and harvest login credentials from victims. Interpol officials confirmed the operation struck at infrastructure frequently exploited by multiple criminal groups.

Dark Web Marketplace Exposed

Sniper Dz operated as a subscription-based service on dark web forums, where paying customers could access ready-made phishing templates and hosting capabilities. The marketplace attracted dozens of buyers who used the tools to target individuals and organisations, according toInterpol's statement on the operation.

Authorities identified the platform as a significant hub for credential theft campaigns affecting users across multiple regions. The administrator, identified by authorities as An, managed the technical side of the operation, including maintaining the platform's servers and customer accounts.

Scale of the Criminal Service

The platform offered different subscription tiers, with basic packages starting at amounts accessible to amateur fraudsters. Premium tiers provided advanced features including bypass tools designed to evade email security filters. Investigators estimate the service facilitated attacks affecting thousands of victims before its shutdown.

Cybercrime specialists note that phishing-as-a-service platforms have lowered the barrier for digital fraud, allowing individuals without programming knowledge to launch sophisticated attacks. This business model has contributed to a surge in credential theft globally.

International Cooperation Behind the Takedown

The operation required close collaboration between Interpol's General Secretariat headquarters and national law enforcement agencies across North Africa. Investigators spent months tracing the platform's infrastructure and identifying its operator before moving in.

Interpol's Cybercrime Directorate provided analytical support and coordinated the intelligence-sharing that made the operation possible. The arrest represents one of the agency's larger takedowns of a phishing-as-a-service platform in recent years.

Why Phishing Platforms Threaten Everyday Users

Phishing attacks remain one of the most common starting points for identity theft and financial fraud. Criminals use harvested credentials to access bank accounts, corporate networks, and personal email, often selling the data on dark web markets.

Security researchers tracking Sniper Dz documented its use in campaigns impersonating major technology companies and financial institutions. The platform's templates were designed to trick recipients into entering passwords on fake login pages.

Citizens Advised to Stay Alert

Interpol urged internet users to verify email senders before clicking links and to enable two-factor authentication on important accounts. The agency warned that platforms like Sniper Dz often resurface under different names following takedowns.

Authorities encouraged anyone who may have entered credentials on suspicious pages to monitor their accounts for unusual activity and report potential compromises to local cybercrime units.

What Happens Next

Investigators are examining seized servers and digital evidence to identify additional suspects linked to the platform. Authorities indicated that further arrests in other countries remain possible as the investigation continues.

Interpol said it would share forensic findings with law enforcement agencies in affected countries to help victims take protective action. The agency also signaled plans to expand cooperation with private sector cybersecurity firms to improve early detection of phishing infrastructure.