Abu Dhabi – February 18, 2026: The UAE Government Cybersecurity Council has revealed that 71.4% of tracked cyber threat actors targeting the country are state-sponsored advanced persistent threat (APT) groups, underscoring the scale and sophistication of digital risks facing national infrastructure.
Dr. Mohamed Hamad Al Kuwaiti, Head of the UAE Government Cybersecurity Council, said the country faces between 90,000 and 200,000 breach attempts daily. He emphasized that these attempts are proactively detected and neutralized without disrupting services or compromising data security.
Since the start of 2026, authorities have confirmed 128 cyber threat incidents affecting entities across the UAE. These included ransomware attacks, website defacements, data breaches, data leaks, initial access compromises, and distributed denial-of-service attacks. All incidents were managed under unified national response protocols to ensure rapid containment.
Government and Financial Sectors Most Targeted
Government administration and financial services and banking were the most targeted sectors, followed by real estate, construction, professional services, transport and logistics, hospitality, education, and other industries.
Breakdown of attack types showed defacement accounting for 38.3% of incidents, followed by data leaks at 25.8%, data breaches at 13.3%, initial access at 10.2%, ransomware at 7.8%, and DDoS attacks at 4.7%.
Of the 21 actively tracked APT groups, 15 were state-sponsored actors, representing 71.4% of tracked threats. Cybercriminal and hacktivist groups each accounted for 14.3%.
Geographic and Digital Channels of Threat
Asia accounted for approximately 66.7% of state-sponsored actor origins, followed by Europe at 14.3%, with the remainder linked to Middle Eastern or cross-regional actors.
Nearly half of tracked incidents were coordinated via Telegram (49.2%), while 40.6% originated from open web forums and marketplaces, and 10.2% were associated with Tor-based dark web infrastructure, particularly ransomware ecosystems.
Deepfake and Disinformation Risks Rising
Dr. Al Kuwaiti highlighted the increasing use of deepfake technologies to spread misinformation, manipulate markets, and undermine public trust. Fabricated videos depicting public figures endorsing fraudulent schemes or issuing false decisions are being monitored closely.
Regional geopolitical tensions across North Africa and the Gulf have intensified online narratives targeting the UAE, with AI-enabled disinformation contributing to higher rumor propagation and hacktivist activity.
National Strategy and Response Framework
The UAE’s cybersecurity framework includes a centralized National Security Operations Centre that monitors alerts nationwide, enabling real-time intelligence sharing and coordinated responses.
The national cybersecurity strategy for 2025–2031 outlines a comprehensive roadmap to strengthen digital resilience, combining early detection systems, advanced content analysis, regulatory oversight for AI technologies, and public awareness initiatives.
Authorities also continue investing in cybersecurity talent development through specialized training programs, leadership academies, and innovation support, while strengthening international cooperation to counter cross-border threats.
