
Kaspersky intelligence ranks the UAE’s most prominent APT threats

Kaspersky researchers have kept a close eye on the UAE for Advanced Persistent Threats (APT) and worked on 49 investigative reports related to 16 cyber gangs actively targeting the country since the start of the pandemic

These APT groups primarily target the UAE’s governmental, diplomatic and educational organizations.
Exploitation of public-facing applications, valid accounts, and phishing are the most common attack vectors.
Zebrocy is a trojan that is deployed as part of cyber espionage campaigns.

Kaspersky researchers issued 49 threat intelligence reports on investigations associated with APT groups targeting the UAE. The country has the highest number of reports of all the Middle Eastern countries, making it one of the most targeted countries in the region. Kaspersky has found that these APT groups primarily target the UAE’s governmental and diplomatic institutions as well as educational organizations. Other targeted entities include financial institutions, IT companies, healthcare, law firms, military, and defense. Some of the notorious APT groups investigated in the UAE are SideCopy, MuddyWater, DeathStalker, Zebrocy, Turla and Lazarus.

The research team has found that exploitation of public-facing applications, valid accounts, and phishing are the most common attack vectors against the UAE’s infrastructures. For example, the SideCopy APT group carries out malware campaigns targeting entities for espionage purposes. MuddyWater, a Middle Eastern espionage-motivated APT group, targets government, telco, and oil companies to derive information, using compromised accounts to send spearphishing emails with targeted attachments to recipients.

Zebrocy is a trojan that is deployed as part of cyber espionage campaigns to collect initial data from compromised systems. The Turla APT group is known for conducting watering hole and spear-phishing campaigns. The group infects websites regularly visited by organizations and lures them to malicious websites. DeathStalker is a hacker-for-hire group that mainly focuses on cyber-espionage against law firms and organizations in the financial sector. The group is known for using an iterative, fast-paced approach to software design, which enables it to execute effective campaigns. The Lazarus APT group uses the watering hole attack strategy, in which it observes which websites are frequented by an organization and infects one or more of them with malware.

Nouf Alqahtani, Cyber Threat Intelligence Senior Analyst at STC, said: “Company employees are known to be the first line of defense against cyberattacks and shoulder the responsibility to protect data, which is the most important asset of any organization. To strengthen this line and make it impenetrable, it is imperative that organizations give cybersecurity training and education an equal footing across the board within the company.”

Artificial Intelligence, the Internet of Things, Blockchain, Fintech, and 5G are rapidly gaining traction across the UAE’s public and private sectors. The country is poised to become a global leader in the digital economy, and increasing connectivity often correlates with an increase in targeted cyber threats.

The country has geared itself up to tackle even the most challenging cybersecurity attacks by placing cybersecurity at the forefront of its digital transformation. According to the Global Cybersecurity Index, the UAE ranked second in the MENA region in its commitment to cybersecurity. This further reaffirms the government’s dedication towards improving its cybersecurity capabilities.