An Overview of Cyber Attacks in the Middle East 2024 [Threat Note]

This blog is a summary of our latest threat note, “Middle East Cybersecurity Landscape 2024”, which is available for all our clients to read in the CybelAngel portal. Interested in reading this report as a non-client? Get in touch with us to access this content.

What did we learn overall about cyber activity in the Middle East in 2024?

Amid unrelenting conflict in recent years within this region, 2024 saw a geopolitical landscape fueled by cyber attacks driven by hacktivists and APT groups targeting governments, critical infrastructure, and the information security departments of international organizations.

Here are some of our report highlights:

  • The most targeted Middle Eastern countries are Israel (68.2%), followed by the United Arab Emirates (8.5%) and Saudi Arabia (6.6%)
  • DDoS attacks account for 73.2% of all attacks in 2024, with hacktivist groups being the primary perpetrators
  • The government and public sector are the hardest-hit industries in the Middle East
  • Top ransomware actors include LockBit 3.0, RansomHub, Stormous, and FunkSec, while DDoS threats were led by hacktivists like RipperSec, Sylhet Gang-SG, and NoName057(16)
  • Data breach cybercrime groups include players like R57, IntelBroker, and Ddarknotevil

What were some notable patterns behind increasing cyber threats?

Notable spikes in malicious activity occurred in Israel as it became the primary target of cyberattacks in the Middle East, driven largely by the region’s complex geopolitical dynamics.

Here is a quick rundown of some examples of cybersecurity threats our analysts flagged within this report.

1: Expansive and deadly ‘silent’ attacks using Phishing Kits and PhaaS rose sharply

The growing sophistication of phishing kits and the rise of Phishing-as-a-Service (PhaaS) are notable patterns that our REACT analysts detail further within this note. Social engineering and impersonation techniques, such as posing as law enforcement to deceive victims and steal sensitive information, were common.

2: Common Vulnerabilities and Exposures (CVEs) increased by 30%

Managing historical vulnerabilities is more critical than ever as the new year kicks off. Long after their initial identification, CVEs are being weaponized by cyber criminals in the Middle East. Advancements in criminality saw the rise of more advanced attack techniques. A key example was the Terrapin Attack (CVE-2023-48795), which exploited weaknesses in the SSH protocol, highlighting how encryption systems can be compromised under certain conditions.

3: Cybercriminals optimized DDoS attacks for concentrated devastation

CybelAngel tracked around 3,000 cyberattacks in the Middle East in 2024. This data paints a clear picture of the region’s evolving threat landscape. DDoS attacks were by far the most common, making up a striking 73.2% of all incidents.

The CybelAngel REACT team has conducted an in-depth analysis that uncovers significant trends in how Middle Eastern organizations are being targeted. You’ll find rich detail within the full Threat Note report, including how cybercriminals are leveraging defacement attacks, which alter website content to disrupt operations and account for 7.6% of attacks.

CybelAngel analysts who contributed to this report note that, “We have clearly identified direct links between major conflict events followed by retaliatory cyber attacks, particularly in the case of Denial-of-Service (DDoS) attacks.”

Who is behind the targeting of the Middle East?

The short answer is a mix of established and emerging threat actors.

Among them, the Stormous Ransomware group, affiliated with the Five Families alliance, has emerged as a significant threat actor targeting UAE entities. In early May 2024, Stormous claimed responsibility for cyberattacks on several prominent UAE organizations, including Kids[.]ae, Bayanat, TDRA, FANR, and the Sharik citizen portal.

Their strategic playbook of choice mixes ransomware attacks and data theft, while systematically targeting government institutions, critical infrastructure, and the private sector. Substantial ransoms (for example in the $6.7 million USD range) have been demanded in exchange for stolen data.

Furthermore, RipperSec, a newly created (June 2023), pro-Palestinian, pro-Muslim hacktivist group operating from Malaysia, has emerged as a significant player. This group likes to mix up DDoS attacks using self-developed tools, including Medusa and MegaMedusa. It is widely cited that their actions are driven by ideological motivations, particularly in support of Palestine.

RipperSec likes to combine the dual force of data leaks alongside DDoS attacks to disrupt services and maximize media attention.

Within the full threat note you can read our threat actor analysis on all the other significant profiles involved, including LOCKBIT 3.0, RansomHub, Charming Kitten (as APT35), SYLHET GANG-SG, and more.

The latter group, a pro-Palestinian Bangladeshi hacker group, is particularly focused on politically motivated attacks, the most infamous against Saudi Arabia in October.

What kind of recommendations can you find in this threat note?

Within the full threat note, analyst comments delve further into the recommendations for you and your SOC team to minimize cyber risks in the region.

  • Endpoint Security Solutions (EDR)
  • Continuous Security Monitoring Centers (SOC)
  • Threat intelligence capabilities to review
  • Controlling your attack surface
  • How to design and enforce an incident response and management plan
  • Tips to employ an active threat discovery process
  • Anti-DDoS solutions
  • Vulnerability scanning

You can review their cybersecurity risk insights as well as review regional and national cybersecurity strategies and initiatives implemented in 2024.

Good to know
CybelAngel scans 4.3B IPs every 24 hours to detect potential leaks and provide detailed attribution information at a document level. Mitigating threats is seamless with the right solution.

What are the main focus areas of this report?

Optimize your risk management outlook this year with help from our expert REACT team.

You’ll find clear-cut pointers for regional trends to better adapt your cybersecurity capabilities.

Inside this report we dive into:

I. Tracking the most targeted countries in the region in 2024
II. A full threat landscape overview
III. Analysing the Middle Eastern cyber security ecosystem
IV. Wrapping up recommendations

Get the full picture of vulnerabilities targeting the Middle East, only in our latest threat note.

Keen to read further insights about ransomware targeting in the Middle East (furiously unleashed by top players like LOCKBIT 3.0, RansomHub, Stormous, and co.)?

This threat note is a must-read for anyone concerned about rising DDoS attacks and data protection concerns. Be more equipped with cybersecurity strategy measures to fight back. Unfortunately, 2025 is set to be just as complicated in terms of ransomware attacks, malware, and the rise of artificial intelligence.

If you are not a CybelAngel client but also wish to have a complete picture of this trending threat actor, you can obtain access to this resource by getting in touch with our REACT team at [email protected].

You can catch up with our other threat notes analysis:

“The Free Database Leak: IBANS, PII…What to Expect?” and “Telegram’s Privacy vs Security Identity Crisis [Threat Note]”.