● GCC Countries Most Targeted from Cyber Threats by Regional State-Sponsored
Actors, says Report
● Group-IB contributed to eight major law enforcement operations across 60+ countries,
leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious
infrastructures
[UAE, Dubai; 13 March 2025]: State-sponsored cyber threats, including Advanced
Persistent Attacks (APTs) and Hacktivism surged in the Middle East in 2024, with GCC
countries emerging as primary targets. These attacks are largely fuelled by geopolitical
conflicts, according to a report released by Group-IB, a leading creator of cybersecurity
technologies to investigate, prevent, and fight digital crime.
Released today, Group-IB’s High-Tech Crime Trends Report 2025 provides a
comprehensive analysis on the interconnectivity of cybercrime, and the evolving cyber
threat landscape in the Middle East and Africa region. The report offers valuable
intelligence on advanced persistent threats, hacktivism, and emerging cyber threats,
empowering businesses, cybersecurity professionals, and law enforcement in the
Middle East with the insights needed to enhance their cybersecurity strategies.
The report said that though APTs in the region saw a 4.27 per cent increase compared
to a 58 per cent surge globally, 27.5 per cent of these threats from state-backed
espionage groups were actively targeted at GCC countries.
Commenting on the release of the report, Ashraf Koheil, Regional Sales Director
MEA at Group-IB, said: “Our report captures the dynamic and complex nature of
cyber threats faced by the Middle East today. It shows that cybercrime is not a
collection of isolated incidents, but an evolving ecosystem where one attack fuels the
next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and
phishing campaigns, the insights presented in this report are essential for
organizations seeking to strengthen their cybersecurity defenses.”
Hacktivist attacks targeting countries and industries
While GCC countries were the most targeted due to their strategic economic and
political importance, other significant targets included Egypt (13.2%) and Turkey
(9.9%), reflecting their geopolitical roles, while countries like Jordan (7.7%), Iraq
(6.6%), as well as Nigeria, South Africa, Morocco, and Ethiopia also face growing
cyber threats.
In 2024, the Middle East and Africa (MEA) ranked third globally in hacktivist attacks,
accounting for 16.54% of incidents, trailing behind Europe (35.98%) and Asia-Pacific
(39.19%).
According to the report, the primary industries affected included government and
military sectors (22.1%), financial services (10.9%), education (8%), and media and
entertainment (5.2%) sectors were also targeted, with attacks aimed at disrupting
critical infrastructure and essential services. This uptick is driven by ongoing
geopolitical tensions, where cyberattacks are used for ideological expression or
political retaliation.
Phishing and data breaches
The report also shed light on other pressing cybersecurity challenges including the
persistent threat of phishing and data breaches across the GCC and the wider MEA
region. As the region continues its rapid digital transformation, it has become a prime
target for increasingly sophisticated scams targeting the energy, oil and gas industry
(24.9%), financial services (20.2%) highlighting the economic motives behind
cybercrime. Phishing attacks also remain a major threat, with internet services
(32.8%), telecommunications (20.7%), and financial services (18.8%) being the top
targeted sectors in the META region.
“We must embrace a collective defense strategy that unites financial institutions,
telecommunications providers, and law enforcement agencies. By sharing
intelligence, coordinating proactive security measures, and executing joint actions, we
can disrupt fraudulent activities before they cause harm. This collaborative approach
not only enhances our ability to detect and prevent fraud but also strengthens the
resilience of our critical infrastructure, protects our national security,” added Ashraf
Koheil.
The report highlighted that ransomware attacks remained relatively low in the MEA
region, with only 184 incidents (the lowest globally). It also highlights ongoing concerns
regarding Initial Access Brokers (IABs) and the broader vulnerabilities they exploit. In
2024, IAB activity was significant in the region, with GCC countries (23.2%) and
Turkey (20.5%) emerging as the most targeted jurisdictions. Meanwhile, the figures
for compromised hosts—which represent credentials and sensitive data from
compromised devices, often sold on the dark web—were highest in Egypt (88,951),
followed by Turkey (79,789) and Algeria (49,173) exposing significant cybersecurity
gaps.
Dark web economy thrives on stolen data
Stolen credentials and sensitive corporate data sold on the dark web served as critical
entry points for ransomware operators, state-sponsored attackers, and other
cybercriminals. The report disclosed that over 6.5 billion leaked data entries included
email addresses, with nearly 2.5 billion being unique. Additionally, 3.3 billion leaked
entries contained phone numbers, with approximately 631 million unique numbers.
A staggering 460 million passwords were exposed globally in 2024, with 162 million of
them being unique. This surge in exposed data continues to fuel cybercriminal
activities within the dark web economy, amplifying the risk to organizations and
individuals alike.
Dmitry Volkov, CEO of Group-IB emphasizes the company’s role in global
cybercrime prevention: “Group-IB played an intensified role in its global fight against
cybercrime and contributed to eight major law enforcement operations across 60+
countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000
malicious infrastructures. These efforts disrupted large-scale cybercriminal networks,
highlighting the critical role of collaboration between private cybersecurity firms and
international law enforcement.”
The report said threat actors employed advanced tactics, techniques, and procedures
(TTPs), including social engineering, ransomware, and credential theft. New
techniques such as the Extended Attributes Attack, Facial-Recognition Trojan
(GoldPickaxe.iOS), and ClickFix infection chain showcase the evolving sophistication
of cyber threats in the region.
To gain further insight into these findings, the full High-Tech Crime Trends 2025 report
is available here.
ABOUT GROUP-IB
Established in 2003, Group-IB is a leading creator of cybersecurity technologies to investigate,
prevent, and fight digital crime globally. Headquartered in Singapore, and with Digital Crime
Resistance Centers in the Americas, Europe, Middle East and Africa, Central Asia, and the
Asia-Pacific, Group-IB analyses and neutralizes regional and country-specific cyber threats
via its Unified Risk Platform, offering unparalleled defense through its industry-leading Threat
Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and
Response (XDR), Business Email Protection, and External Attack Surface Management
solutions, catering to government, retail, healthcare, gaming, financial sectors, and beyond.
Group-IB collaborates with international law enforcement agencies like INTERPOL,
EUROPOL, and AFRIPOL to fortify cybersecurity worldwide, and has been awarded by
advisory agencies including Aite-Novarica, Gartner, Forrester, Frost & Sullivan, and
KuppingerCole.
For more information, visit us at www.group-ib.com or connect with us on LinkedIn, X,
Facebook, and Instagram.
FOR MEDIA INQUIRIES
Group-IB Public Relations
**@Gr******.com
