The Middle East and North Africa region continues to be targeted by cyber espionage operations seeking political, strategic or economic advantage, particularly by Iran-linked groups and by Russian and Chinese threat actors.
Financially motivated threat activity is fast becoming a high-volume threat to both organisations and individuals in Middle Eastern and North African countries.
The most significant threat actor we have identified in Q2 in the Middle East region is TEMP.Zagros. TEMP.Zagros is an Iran-nexus cyber espionage actor active since at least May 2017. Its targeting is prolific and widespread, affecting multiple industries throughout the Middle East and Central and South Asia, including government, defence, telecommunications, energy and finance. Known and suspected targets indicate that TEMP.Zagros is likely tasked with conducting reconnaissance and collecting strategic information, including geopolitical, diplomatic, defence and possibly energy-related material, to support Iranian interests and decision-making.
The top malware detections for Q2 2021 in the Middle East and North Africa also show a continued focus on credential theft. Malware that steals credentials from victims enables further compromise of both private and government enterprises, as well as personally targeted fraud.
As the region continues to digitalise its infrastructure, it will likely attract financially motivated threats, since stolen credentials provide access to enterprises or a path to ransomware deployment. To better defend against credential theft, organisations should implement multi-factor authentication wherever possible and minimise the use of global or local administrative privileges. In addition, monitoring for unusual activity by authenticated users (for example, sign-ins from locations never seen for that account, or privileged accounts used outside normal hours) lets an organisation detect a compromise at an earlier stage, which is crucial to limiting its impact.
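To make the last recommendation concrete, the following is an added example (not code from the original report or from any vendor product) of the kind of baseline-and-deviation check that flags unusual activity from already-authenticated users. It assumes a hypothetical key=value authentication log format, a seven-day learning window, business hours of 07:00 to 19:59, and a two-hour window for rapid country changes; the log lines are constructed for the example and are not real telemetry.

```python
"""Flag anomalous activity by authenticated users from a simple sign-in log.

Added illustration. Rules implemented:
  new_country          - a user signs in from a country never seen in the baseline
  rapid_country_change - the same user appears from two countries within TRAVEL_WINDOW
  admin_off_hours      - a privileged account authenticates outside BUSINESS_HOURS
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO timestamp followed by key=value pairs).
SAMPLE_LOG = """\
2021-05-03T09:12:00 user=alice src_country=AE role=user result=success
2021-05-03T09:40:00 user=bob src_country=SA role=admin result=success
2021-05-04T08:55:00 user=alice src_country=AE role=user result=success
2021-05-04T10:02:00 user=bob src_country=SA role=admin result=success
2021-05-05T09:05:00 user=alice src_country=AE role=user result=success
2021-05-05T11:30:00 user=carol src_country=EG role=user result=failure
2021-05-10T14:20:00 user=alice src_country=AE role=user result=success
2021-05-10T14:35:00 user=alice src_country=NL role=user result=success
2021-05-11T02:17:00 user=bob src_country=SA role=admin result=success
2021-05-11T09:00:00 user=carol src_country=EG role=user result=success
"""

BASELINE_DAYS = 7                 # assumed learning period before alerting starts
BUSINESS_HOURS = range(7, 20)     # assumed 07:00-19:59 local time
TRAVEL_WINDOW = timedelta(hours=2)  # assumed: two countries within 2h is suspicious


def parse_line(line):
    """Parse one 'TIMESTAMP k=v k=v ...' line into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def detect_anomalies(log_text, baseline_days=BASELINE_DAYS):
    """Return a list of (rule, user, timestamp, detail) tuples, in log order.

    Only successful authentications count: the point is to watch what valid
    credentials are doing, not to count failed guesses.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events = [e for e in events if e.get("result") == "success"]
    events.sort(key=lambda e: e["ts"])
    if not events:
        return []

    baseline_end = events[0]["ts"] + timedelta(days=baseline_days)
    seen_countries = defaultdict(set)   # user -> countries observed so far
    last_seen = {}                      # user -> (timestamp, country) of previous event
    findings = []

    for e in events:
        user, country, ts = e["user"], e["src_country"], e["ts"]
        if ts >= baseline_end:          # alerting phase only after the learning window
            if country not in seen_countries[user]:
                findings.append(("new_country", user, ts.isoformat(), country))
            prev = last_seen.get(user)
            if prev and prev[1] != country and ts - prev[0] <= TRAVEL_WINDOW:
                findings.append(("rapid_country_change", user, ts.isoformat(),
                                 f"{prev[1]}->{country}"))
            if e.get("role") == "admin" and ts.hour not in BUSINESS_HOURS:
                findings.append(("admin_off_hours", user, ts.isoformat(), country))
        # Update state for every successful event, in baseline or not, so each
        # new country is reported once rather than on every subsequent sign-in.
        seen_countries[user].add(country)
        last_seen[user] = (ts, country)
    return findings


if __name__ == "__main__":
    for rule, user, when, detail in detect_anomalies(SAMPLE_LOG):
        print(f"{when} {rule:<22} user={user} {detail}")
```

Running the block on the constructed log reports alice's first sign-in from NL (new country, and a change from AE within fifteen minutes), bob's admin sign-in at 02:17, and carol's first successful sign-in, which has no baseline at all. In a real deployment the baseline would be kept per user across runs, and the country field would come from the identity provider or a GeoIP lookup on the source address; the rules here are deliberately simple so the logic stays readable.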