GCC Countries Most Targetedfrom Cyber Threats by Regional State-Sponsored Actors,

 

Group-IB unveils High-Tech Crime Trends Report 2025 for the Middle East,
Turkey and Africa

 

[UAE, Dubai; 13th March 2025]: State-sponsored cyber threats, including Advanced Persistent Attacks (APTs) and Hacktivism, surged in the Middle East in 2024, with GCC countries emerging as primary targets. These attacks are largely fuelled by geopolitical conflicts,
according to a report released by Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime.

Released today, Group-IB’s High-Tech Crime Trends Report 2025 provides a comprehensive analysis of the
interconnectivity of cybercrime, and the evolving cyber threat landscape in the
Middle East and Africa region. The report offers valuable intelligence on
advanced persistent threats, hacktivism, and emerging cyber threats, empowering
businesses, cybersecurity professionals, and law enforcement in the Middle East
with the insights needed to enhance their cybersecurity strategies.

The report said that though APTs in the region
saw a 4.27 percent increase compared to a 58 percent surge globally, 27.5 per cent of these threats from state-backed espionage groups were actively targeted at GCC countries.

Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA
at Group-IB, said: “Our report
captures the dynamic and complex nature of cyber threats faced by the Middle
East today. It shows that cybercrime is not a collection of isolated incidents,
but an evolving ecosystem where one attack fuels the next. From sophisticated
state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns,
the insights presented in this report are essential for organizations seeking
to strengthen their cybersecurity defenses.”

 

Hacktivist attacks targeting countries and industries

While GCC countries were the most targeted du to their strategic economic and political importance, other significant targets
included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles,
while countries like Jordan (7.7%), Iraq (6.6%), as well as Nigeria, South Africa, Morocco, and Ethiopia also face growing cyber threats.

In 2024, the Middle East and Africa (MEA) ranked third, globally in hacktivist attacks, accounting for 16.54% of incidents,
trailing behind Europe (35.98%) and Asia-Pacific (39.19%).

According to the report, the primary industries
affected included government and military sectors (22.1%), financial services
(10.9%), education (8%), and media and entertainment (5.2%) sectors were also
targeted, with attacks aimed at disrupting critical infrastructure and essential services. This uptick is driven by ongoing geopolitical tensions, where cyberattacks are used for ideological expression or political retaliation.

Phishing and data breaches

The report also shed light on other pressing
cybersecurity challenges, including the persistent threat of phishing and data
breaches across the GCC and the wider MEA region.  As the region continues its rapid digital transformation, it has become a prime target for increasingly sophisticated scams targeting the energy, oil and gas industry (24.9%), financial services (20.2%) highlighting
the economic motives behind cybercrime. Phishing attacks also remain a major
threat, with internet services (32.8%), telecommunications (20.7%), and
financial services (18.8%) being the top targeted sectors in the META region.

“We must embrace a collective defense strategy that unites financial institutions,
telecommunications providers, and law enforcement agencies. By sharing
intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent
fraud but also strengthens the resilience of our critical infrastructure, protects our national security,” added Ashraf Koheil.

The report highlighted that ransomware attacks remained relatively low in the MEA region, with only 184 incidents (the lowest
globally). It also highlights ongoing concerns regarding Initial Access Brokers
(IABs) and the broader vulnerabilities they exploit. In 2024, IAB activity was
significant in the region, with GCC countries (23.2%) and Turkey (20.5%)
emerging as the most targeted jurisdictions. Meanwhile, the figures for compromised hosts—which represent credentials and sensitive data from compromised
devices, often sold on the dark web—were highest in Egypt (88,951), followed by
Turkey (79,789) and Algeria (49,173) exposing significant cybersecurity gaps.

Dark web economy thrives on stolen data

Stolen credentials and sensitive corporate data sold on the dark web served as critical entry points for ransomware operators,
state-sponsored attackers, and other cybercriminals. The report disclosed that
over 6.5 billion leaked data entries included email addresses, with nearly 2.5
billion being unique. Additionally, 3.3 billion leaked entries contained phone numbers, with approximately 631 million unique numbers.

A staggering 460 million passwords were exposed globally in 2024, with 162 million of them being unique. This surge is exposed
data continues to fuel cybercriminal activities within the dark web economy, amplifying the risk to organizations and individuals alike.

Dmitry Volkov, CEO of Group-IB, emphasizes the company’s role in global cybercrime prevention: “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious
infrastructures. These efforts disrupted large-scale cybercriminal networks,
highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”

The report said threat actors employed advanced tactics, techniques, and procedures (TTPs), including social engineering,
ransomware, and credential theft. New techniques such as the extended Attributes Attack, Facial-Recognition Trojan (GoldPickaxe.iOS), and ClickFix
infection chain showcases the evolving sophistication of cyber threats in the
region.

To gain further insight into these findings, the
full High-Tech Crime Trends 2025 report is available here.