Five years after the Pegasus spyware attacks rocked the Middle East and North Africa, cybercrime remains a growing threat across the region. Last month, Morocco’s national social security agency faced a significant data breach, and Iran narrowly avoided a “major and sophisticated cyberattack” targeting critical infrastructure. Such cyberattacks threaten not only national security but also the internal stability of these nations, especially in a region already dealing with geopolitical volatility.
The Middle East and Africa continue to be hotspots for cyberattacks, accounting for nearly 17 percent of global hacktivist incidents. In 2024, nearly 28 percent of security breaches and hacktivism in the region were attributed to state-backed espionage.
In early April 2025, Morocco’s national social security agency disclosed the theft of sensitive employee data, including details of income, benefits, and pensions, as well as salaries of high-profile figures in business and politics. The stolen data was subsequently leaked on Telegram. Later in the month, Iranian authorities announced that they had successfully thwarted a major cyberattack targeting national infrastructure, a similar attack occurred in 2021 on Iran’s fuel system and in 2022 on a steel mill.
As the Middle East and North Africa continue to adopt digital technologies, including AI and fintech, cyberattacks underscore the risks associated with technological advancement. The region’s reliance on digital platforms has made it increasingly vulnerable to cyberattacks that disrupt essential services such as power, energy, transport, and communication systems.
The evolving sophistication of cyberattacks in the region highlights the urgent need for enhanced cybersecurity measures. Not only are these attacks a direct threat to critical infrastructure, but they also erode public trust, creating additional challenges for governments in the region. Cyberwarfare, while seen as the future of defense, is also becoming a major national security concern.
The region’s digital transformation has outpaced its ability to secure its cyber infrastructure. Many countries still rely on outdated systems and face a shortage of cybersecurity professionals, making them prime targets for cybercriminals. To address these vulnerabilities, the region must invest in local cyber education and training while attracting global talent. Such investments will not only strengthen national security but also generate new job opportunities.
Several countries in the region, including Morocco, Saudi Arabia, the UAE, Jordan, and Oman, are taking significant steps toward improving their cybersecurity infrastructure. Morocco’s National Cybersecurity Strategy, Saudi Arabia’s National Cybersecurity Authority, and the UAE’s Cybersecurity Council are among the leading efforts in this area.
However, regional cooperation is essential to effectively tackle cyber threats. While individual countries have made strides in cybersecurity, collaborative efforts at the regional level can foster dialogue, share best practices, and enhance collective defense strategies. The 2023-2027 Arab Cybersecurity Strategy represents a promising initiative for improving cybersecurity cooperation across the region, especially given the shared challenges in securing energy, food, and digital infrastructure.
