State-sponsored cyber threats, including Advanced Persistent Threats (APTs) and hacktivism, saw a significant rise in the Middle East in 2024, with GCC countries emerging as key targets, according to the Group-IB High-Tech Crime Trends Report 2025. The report reveals a complex and evolving cyber threat landscape across the Middle East and Africa (MEA) region.
The report highlights a 4.27% increase in APTs in the region, a rise much lower than the 58% surge seen globally. A notable 27.5% of these threats, attributed to state-backed espionage groups, were directed specifically at GCC countries. The report offers crucial intelligence on these advanced threats, hacktivism, phishing campaigns, and emerging cyber risks, providing valuable insights to businesses, cybersecurity professionals, and law enforcement to strengthen regional defenses.
The Middle East’s strategic economic and political significance made it a top target, with countries like Egypt (13.2%) and Turkey (9.9%) also facing rising threats. Other countries such as Jordan (7.7%) and Iraq (6.6%) are increasingly under threat, along with Nigeria, South Africa, Morocco, and Ethiopia. The region ranked third globally in hacktivist attacks in 2024, accounting for 16.54% of global incidents.
Sectors most affected included government and military (22.1%), financial services (10.9%), education (8%), and media and entertainment (5.2%), with attacks focused on disrupting critical infrastructure and essential services. Geopolitical tensions were identified as the driving force behind many cyberattacks, often linked to ideological or political motivations.
The report also pointed to ongoing challenges such as phishing attacks, data breaches, and targeted scams within sectors like energy, oil, gas, and financial services, as the region’s digital transformation accelerates. Phishing attacks remain a significant concern, particularly targeting internet services (32.8%), telecommunications (20.7%), and financial services (18.8%).
Ashraf Koheil, Regional Sales Director MEA at Group-IB
“The cyber threats faced by the Middle East are complex and interconnected, with each attack triggering the next. Our report offers vital intelligence on how to combat these evolving threats. Organizations must work together to strengthen their defenses and protect their critical infrastructure.”
The report also noted that while ransomware attacks remained relatively low in the MEA region, with only 184 incidents, Initial Access Broker (IAB) activity was prominent. GCC countries and Turkey were the most targeted for IAB activity, with significant data compromised, including email addresses and phone numbers, sold on the dark web. In total, over 6.5 billion data entries were leaked in 2024, highlighting the growing risks associated with credential theft and data breaches.
Dmitry Volkov, CEO of Group-IB
“Group-IB has been pivotal in global efforts against cybercrime, contributing to law enforcement operations across 60+ countries. Our collaborative work has led to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures, underscoring the importance of cooperation between private cybersecurity firms and international law enforcement.”
The report also highlighted the growing sophistication of cyber threats, with new techniques like the Extended Attributes Attack, Facial-Recognition Trojan (GoldPickaxe.iOS), and ClickFix infection chain posing increasing challenges to the region’s cybersecurity infrastructure.
As the region continues to grow digitally, the need for stronger, coordinated defenses becomes more urgent to counter the increasingly advanced and evolving cyber threats facing it.
