- GCC Countries Most Targeted from Cyber Threats by Regional State-Sponsored Actors, says Report
- Group-IB contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures
Dmitry Volkov, CEO of Group-IB presenting Group-IB’s High Tech Crime Trends Report 2025.
[UAE, Dubai; 13 March 2025]: State-sponsored cyber threats, including Advanced Persistent Attacks (APTs) and Hacktivism surged in the Middle East in 2024, with GCC countries emerging as primary targets. These attacks are largely fuelled by geopolitical conflicts, according to a report released by Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime.
(From L-R) Dmitry Volkov, CEO of Group-IB, Craig Jones, independent Strategic Advisor at Group-IB, and Former Director of Cybercrime at the INTERPOL and Ashraf Koheil, Regional Sales Director MEA at Group-IB, discussing the evolving cyber threat landscape across the Middle East during the launch of Group-IB’s High Tech Crime Trends Report 2025.
Released today, Group-IB’s High-Tech Crime Trends Report 2025 provides a comprehensive analysis on the interconnectivity of cybercrime, and the evolving cyber threat landscape in the Middle East and Africa region. The report offers valuable intelligence on advanced persistent threats, hacktivism, and emerging cyber threats, empowering businesses, cybersecurity professionals, and law enforcement in the Middle East with the insights needed to enhance their cybersecurity strategies.
The report said that though APTs in the region saw a 4.27 per cent increase compared to a 58 per cent surge globally, 27.5 per cent of these threats from state-backed espionage groups were actively targeted at GCC countries.
Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA at Group-IB, said: “Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defenses.”
Hacktivist attacks targeting countries and industries
While GCC countries were the most targeted due to their strategic economic and political importance, other significant targets included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles, while countries like Jordan (7.7%), Iraq (6.6%), as well as Nigeria, South Africa, Morocco, and Ethiopia also face growing cyber threats.
In 2024, the Middle East and Africa (MEA) ranked third globally in hacktivist attacks, accounting for 16.54% of incidents, trailing behind Europe (35.98%) and Asia-Pacific (39.19%).
According to the report, the primary industries affected included government and military sectors (22.1%), financial services (10.9%), education (8%), and media and entertainment (5.2%) sectors were also targeted, with attacks aimed at disrupting critical infrastructure and essential services. This uptick is driven by ongoing geopolitical tensions, where cyberattacks are used for ideological expression or political retaliation.
Phishing and data breaches
The report also shed light on other pressing cybersecurity challenges including the persistent threat of phishing and data breaches across the GCC and the wider MEA region. As the region continues its rapid digital transformation, it has become a prime target for increasingly sophisticated scams targeting the energy, oil and gas industry (24.9%), financial services (20.2%) highlighting the economic motives behind cybercrime. Phishing attacks also remain a major threat, with internet services (32.8%), telecommunications (20.7%), and financial services (18.8%) being the top targeted sectors in the META region.
“We must embrace a collective defense strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure, protects our national security,” added Ashraf Koheil.
The report highlighted that ransomware attacks remained relatively low in the MEA region, with only 184 incidents (the lowest globally). It also highlights ongoing concerns regarding Initial Access Brokers (IABs) and the broader vulnerabilities they exploit. In 2024, IAB activity was significant in the region, with GCC countries (23.2%) and Turkey (20.5%) emerging as the most targeted jurisdictions. Meanwhile, the figures for compromised hosts—which represent credentials and sensitive data from compromised devices, often sold on the dark web—were highest in Egypt (88,951), followed by Turkey (79,789) and Algeria (49,173) exposing significant cybersecurity gaps.
Dark web economy thrives on stolen data
Stolen credentials and sensitive corporate data sold on the dark web served as critical entry points for ransomware operators, state-sponsored attackers, and other cybercriminals. The report disclosed that over 6.5 billion leaked data entries included email addresses, with nearly 2.5 billion being unique. Additionally, 3.3 billion leaked entries contained phone numbers, with approximately 631 million unique numbers.
A staggering 460 million passwords were exposed globally in 2024, with 162 million of them being unique. This surge in exposed data continues to fuel cybercriminal activities within the dark web economy, amplifying the risk to organizations and individuals alike.
Dmitry Volkov, CEO of Group-IB emphasizes the company’s role in global cybercrime prevention: “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures. These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”
The report said threat actors employed advanced tactics, techniques, and procedures (TTPs), including social engineering, ransomware, and credential theft. New techniques such as the Extended Attributes Attack, Facial-Recognition Trojan (GoldPickaxe.iOS), and ClickFix infection chain showcase the evolving sophistication of cyber threats in the region.
To gain further insight into these findings, the full High-Tech Crime Trends 2025 report is available here.
ABOUT GROUP-IB
Established in 2003, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime globally. Headquartered in Singapore, and with Digital Crime Resistance Centers in the Americas, Europe, Middle East and Africa, Central Asia, and the Asia-Pacific, Group-IB analyses and neutralizes regional and country-specific cyber threats via its Unified Risk Platform, offering unparalleled defense through its industry-leading Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection, and External Attack Surface Management solutions, catering to government, retail, healthcare, gaming, financial sectors, and beyond. Group-IB collaborates with international law enforcement agencies like INTERPOL, EUROPOL, and AFRIPOL to fortify cybersecurity worldwide, and has been awarded by advisory agencies including Aite-Novarica, Gartner, Forrester, Frost & Sullivan, and KuppingerCole.
For more information, visit us at www.group-ib.com or connect with us on LinkedIn, X, Facebook, and Instagram.
FOR MEDIA INQUIRIES