INTERPOL Dismantles Sniper Dz Phishing Platform, Arrests Administrator

June 17, 2026 3 min read

Authorities have dismantled a major phishing platform called Sniper Dz and arrested its administrator in an operation coordinated across North Africa, INTERPOL announced Thursday.

Operation Targets Cybercrime Hub

The international law enforcement agency confirmed the arrest of Administrator An following a months-long investigation. Officers executed warrants simultaneously in multiple North African locations on Thursday, targeting what investigators described as a sophisticated criminal enterprise. The operation involved collaboration between INTERPOL, national police forces, and cybersecurity firms specialising in threat intelligence.

The Sniper Dz platform had served as a phishing-as-a-service operation, providing tools and infrastructure to criminals who sought to steal login credentials and financial data from victims worldwide. Authorities estimate the platform facilitated thousands of fraudulent schemes before its shutdown.

How the Platform Operated

Sniper Dz functioned as a centralised hub where subscribers could purchase phishing kits, hosting services, and email campaigns. The platform marketed itself through dark web forums, attracting users willing to pay for ready-made tools that mimicked legitimate banking and retail websites. Victims who entered their details on these fake sites had their information automatically harvested and stored on Sniper Dz servers.

Investigators from the INTERPOL Cybercrime Directorate traced transaction records and server logs back to the administrator operating from North Africa. Digital forensic experts spent several weeks analysing encrypted communications before identifying An as the platform's primary operator. The group running the service had established redundant server infrastructure across three countries to avoid detection.

Impact on Victims Across Continents

The takedown comes after reports indicated that individuals and businesses across Europe, Asia, and Africa had lost funds through schemes linked to Sniper Dz. Local authorities in several countries had logged complaints from citizens who received convincing phishing emails before their bank accounts were drained. The platform's template library contained hundreds of designs mimicking real companies, making it difficult for average users to identify fraudulent messages.

Interpol's Cybercrime Director warned that phishing remains one of the most accessible forms of cybercrime, requiring minimal technical skill to deploy. The Sniper Dz operation demonstrated how criminal enterprises have industrialised fraud, selling ready-made tools to anyone willing to pay. Citizens in Nigeria and other West African nations have reported increasing volumes of phishing attempts in recent months, according to regional law enforcement data.

Regional Security Implications

The North African connection highlights how cybercrime networks have expanded beyond traditional hubs in Eastern Europe and Southeast Asia. INTERPOL's Africa desk has recorded a steady rise in phishing-related complaints originating from or targeting citizens across the continent. Thursday's operation signals a willingness to pursue cross-border criminal groups operating from jurisdictions that have historically struggled with digital crime enforcement.

National police forces in the countries involved have pledged to prosecute those arrested under new cybercrime legislation introduced over the past three years. An now faces charges including unauthorised system access, financial fraud, and conspiracy. The investigation is expected to produce additional arrests as authorities continue examining data seized during the raids.

What Citizens Should Watch

Authorities urge internet users to verify unexpected emails requesting login details, particularly those mimicking banks or delivery services. INTERPOL recommends enabling two-factor authentication on all accounts storing financial information. The agency plans to publish a list of phishing templates recovered from Sniper Dz servers to help security firms update their detection systems.

Further announcements from INTERPOL and participating national agencies are expected within the coming weeks as the investigation expands. Citizens who believe they may have interacted with Sniper Dz-operated sites should monitor their financial statements and report suspicious activity to local authorities.