State-sponsored cyber threats, including Advanced Persistent Attacks and Hacktivism surged in the Middle East in 2024, with GCC countries emerging as primary targets, according to a report released by Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime.

Group-IB’s High-Tech Crime Trends Report 2025 provides a comprehensive analysis on the interconnectivity of cybercrime, and the evolving cyber threat landscape in the Middle East and Africa region. 

It offers valuable intelligence on advanced persistent threats, hacktivism, and emerging cyber threats, empowering businesses, cybersecurity professionals, and law enforcement in the Middle East with insights to enhance their cybersecurity strategies.

The report said that though APTs in the region saw a 4.27 percent increase compared to a 58 percent surge globally, 27.5 percent of these threats from state-backed espionage groups were actively targeted at GCC countries.

Ashraf Koheil, regional sales director MEA at Group-IB, said: “Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defenses.”

While GCC countries were the most targeted due to their strategic economic and political importance, other significant targets included Egypt (13.2 percent) and Turkey (9.9 percent), reflecting their geopolitical roles, while countries like Jordan (7.7 percent), Iraq (6.6 percent), as well as Nigeria, South Africa, Morocco, and Ethiopia also face growing cyber threats.

In 2024, the MEA ranked third globally in hacktivist attacks, accounting for 16.54 percent of incidents, trailing behind Europe (35.98 percent) and Asia-Pacific (39.19 percent).

The primary industries affected included government and military sectors (22.1 percent), financial services (10.9 percent), education (8 percent), and media and entertainment (5.2 percent), with attacks aimed at disrupting critical infrastructure and essential services. This uptick is driven by ongoing geopolitical tensions, where cyberattacks are used for ideological expression or political retaliation.

The report also shed light on other pressing cybersecurity challenges including the persistent threat of phishing and data breaches across the GCC and the wider MEA region.  

As the region continues its rapid digital transformation, it has become a prime target for increasingly sophisticated scams targeting the energy, oil and gas industry (24.9 percent), financial services (20.2 percent) highlighting the economic motives behind cybercrime.

Phishing attacks also remain a major threat, with internet services (32.8 percent), telecommunications (20.7 percent), and financial services (18.8 percent) being the top targeted sectors in the META region.

“We must embrace a collective defense strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure, protects our national security,” added Ashraf Koheil.

The report highlighted that ransomware attacks remained relatively the lowest globally in the MEA region, with only 184 incidents. 

It also highlights ongoing concerns regarding Initial Access Brokers (IABs) and the broader vulnerabilities they exploit. In 2024, IAB activity was significant in the region, with GCC countries (23.2 percent) and Turkey (20.5 percent) emerging as the most targeted jurisdictions. Meanwhile, the figures for compromised hosts — which represent credentials and sensitive data from compromised devices, often sold on the dark web — were highest in Egypt (88,951), followed by Turkey (79,789) and Algeria (49,173) exposing significant cybersecurity gaps.

Stolen credentials and sensitive corporate data sold on the dark web enabled ransomware, state-sponsored attacks, and cybercrimes. Over 6.5 billion leaked data entries included email addresses, with nearly 2.5 billion being unique. Additionally, 3.3 billion leaked entries contained phone numbers, with approximately 631 million unique numbers.

A staggering 460 million passwords were exposed globally in 2024, with 162 million of them being unique. This continues to fuel cybercriminal activities within the dark web economy, amplifying the risk to organizations and individuals alike.

Dmitry Volkov, CEO of Group-IB, said: “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures. These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”

The report said threat actors employed advanced tactics, techniques, and procedures, including social engineering, ransomware, and credential theft. New techniques such as the Extended Attributes Attack, Facial-Recognition Trojan (GoldPickaxe.iOS), and ClickFix infection chain showcase the evolving sophistication of cyber threats in the region.

For further insight into these findings, see the full High-Tech Crime Trends 2025 report here.