
Unraveling Cybercrime: How Group-IB and INTERPOL Took Down the Infamous SniperDz Phishing Network

Intelligence-Led Investigation Dismantles Extensive Phishing-as-a-Service Operation

Group-IB, a frontrunner in predictive cybersecurity technologies, has played a pivotal role in a coordinated investigation led by INTERPOL and the Algerian National Police. This initiative culminated in the arrest of the main developer behind SniperDz, a phishing-as-a-service (PhaaS) platform active for nearly ten years. Statistics from 2016 reveal that SniperDz campaigns had successfully harvested over 45,000 victim records, underscoring the operation’s far-reaching impact on individuals and brands globally.

Launched in 2015, SniperDz evolved into a sophisticated online criminal enterprise, providing ready-made phishing kits, hosting services, and operational support. Group-IB has identified over 20,000 unique domains tied to this PhaaS ecosystem, explicitly targeting more than 30 prominent global companies, such as PayPal, Facebook, Instagram, Yahoo, Netflix, and Steam.

Group-IB’s Investigations team uncovered 80 phishing templates in five languages—including Arabic, English, French, Spanish, and Hebrew—that targeted users across various sectors, from financial services to online gaming and telecommunications. Victims were directed to seemingly legitimate websites crafted to capture sensitive data, including credentials and personal information.

Beyond standard credential theft, SniperDz exploited social engineering techniques by leveraging the popularity of public figures throughout the Middle East and North Africa. Threat actors created fake social media profiles mimicking well-known political figures, using these accounts to distribute phishing links disguised as attractive offers or free internet access.

From Infrastructure Analysis to Threat Attribution

Group-IB initially detected SniperDz while monitoring large-scale phishing initiatives targeting recognized global brands and online services. As this operation proliferated across thousands of domains, it posed an escalating threat to organizations and consumers protected by Group-IB’s fraud and cybercrime investigations.

Through a months-long investigation, Group-IB combined infrastructure analysis, open-source intelligence (OSINT), and digital footprint correlation to pinpoint the individual deemed responsible for operating the SniperDz platform. This adversary-centric strategy allowed investigators to trace the threat actor’s online activity and presence over several years.

The investigation revealed a considerable operational security lapse by the suspect. Publicly accessible tutorial videos aimed at recruiting and training affiliates unintentionally revealed administrative details and account credentials. Moreover, years of social media activity captured the evolution of the platform, affiliate recruitment endeavors, and the introduction of new phishing templates. A Telegram channel with over 7,300 subscribers and a Facebook account boasting more than 19,000 followers provided critical evidence linking the suspect to the platform’s operations from 2015 to 2025.

Intelligence-Led Collaboration Results in Arrest

Group-IB’s findings were shared with INTERPOL, which subsequently coordinated an effort with the Algerian National Police. As part of Operation Ramz, infrastructure related to SniperDz was identified and dismantled, including the seizure of a website contracted to offer PhaaS capabilities to criminals. This operation led to the capture of the primary developer and operator of SniperDz, effectively shutting down a long-standing criminal enterprise.

“SniperDz exemplifies the necessity of adversary-centric intelligence,” stated Dmitry Volkov, CEO of Group-IB. “Combating cybercrime demands more than merely dismantling phishing pages. It requires a deep understanding of the personnel, infrastructure, and criminal ecosystems responsible. By integrating threat intelligence with comprehensive law enforcement collaboration, we successfully identified the individual accountable for nearly a decade of phishing operations.”

“Phishing-as-a-Service (PhaaS) represents a substantial global cyber threat, affecting millions and resulting in billions in losses. The collaboration between INTERPOL and Group-IB yielded actionable intelligence and support for Algerian law enforcement, leading to a significant victory—the identification and arrest of the SniperDz developer,” emphasized Neal Jetton, Director of Cybercrime at INTERPOL.

This arrest highlights the importance of intelligence-driven collaborations between law enforcement and cybersecurity firms in the battle against cybercrime. By leveraging local and global resources, investigators managed to uncover and dismantle a long-running phishing operation.

The takedown of SniperDz marks another success in Group-IB’s ongoing partnership with international law enforcement agencies such as INTERPOL, Europol, and AFRIPOL. To date, Group-IB has supported over 1,600 high-tech crime investigations across more than 60 countries, aiding in the identification and disruption of cybercriminal networks globally.

As phishing-as-a-service platforms continue to make cybercrime more accessible, intelligence-led investigations are crucial for dismantling the infrastructure and networks sustaining these operations. Group-IB is committed to assisting international law enforcement efforts through its advanced threat intelligence, facilitating the shift from reactive measures to proactive disruption of digital crime.
