Insights into the cyber threat campaigns that affected MENA region in Q2 2021

In Opinions

Jens Monrad, Director, Head of Mandiant Intelligence, EMEA shares insights on the cyber threat campaigns that have affected the MENA region in Q2 2021.

Financially and espionage-motivated cyber threat campaigns continue to be the most impactful and most frequent categories of cyber attack in the region.

The Middle East and North Africa continue to be targeted by cyber espionage operations seeking political, strategic, or economic advantage, particularly by Iran-linked groups and by Russian and Chinese threat actors. Iran-linked information operations have also been observed, and we suspect that some regional states possess or are developing information operations capabilities of their own.

Financially motivated threat activity is fast becoming a high-volume threat to both organisations and individuals in the Middle Eastern and North African countries. 

The most significant threat actor we identified in the Middle East region in Q2 is TEMP.Zagros.

TEMP.Zagros is an Iran-nexus cyberespionage actor active since at least May 2017. TEMP.Zagros targeting is prolific and widespread, affecting multiple industries throughout the Middle East, Central and South Asia, including government, defence, telecommunications, energy, and finance. Known and suspected targets indicate that TEMP.Zagros is likely tasked to conduct reconnaissance and collect strategic information, including geopolitical, diplomatic, defence, and possibly energy-related materials, to support Iranian interests and decision-making. 

Furthermore, the targeting of telecommunications entities may signal that TEMP.Zagros uses third parties to gain access to its primary targets and to facilitate other intrusion activity. Targeting patterns and related lures demonstrate a strong focus on targets with a geopolitical nexus and on the telecommunications sector in Saudi Arabia, Pakistan, and Turkey.

The top malware detections for Q2 2021 in the Middle East and North Africa also show a continued focus on credential theft. Malware that steals credentials from victims enables further compromise of both private and government enterprises, as well as fraud targeting the individuals themselves.

As the region continues to digitalise its infrastructure, it will likely attract more financially motivated cyber threats, because stolen credentials provide access to enterprises or serve as a path to ransomware deployment. To better defend against credential theft, organisations should implement multi-factor authentication wherever possible and minimise the use of global or local administrative privileges for users. Additionally, monitoring and tracking unusual activity by authenticated users allows an organisation to discover a compromise at an earlier stage, which is crucial to minimising the threat and its impact.
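The last recommendation, monitoring authenticated users for unusual activity, is the one that catches an attacker who already holds valid credentials. The script below is an added illustration written for this page, not Mandiant's tooling or anything from the article: it runs three simple rules over a constructed authentication log (a new external source outside working hours, privilege use minutes after the first login from a source the user has never used, and a successful login right after repeated MFA failures). The log line format, the `KNOWN_SOURCES` baseline, the internal network range and the working-hours window are all assumptions chosen for the example; in practice the baseline would be learned from historical logs and the rules fed by your SIEM or identity provider.

```python
"""Flag unusual activity by authenticated users in a small auth log.

Added example for illustration; not code from the article or from Mandiant.
Assumed log format, one event per line:
  <ISO timestamp> user=<name> src=<ip> action=<login|sudo|mfa_fail|logout>
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample log: bob behaves normally; alice's account is later
# used from a new external address, at night, after two MFA failures, and
# immediately escalates privileges.
SAMPLE_LOG = """\
2021-06-01T08:02:11 user=alice src=10.0.1.15 action=login
2021-06-01T08:05:40 user=alice src=10.0.1.15 action=logout
2021-06-01T09:10:02 user=bob src=10.0.2.30 action=login
2021-06-01T09:12:45 user=bob src=10.0.2.30 action=sudo
2021-06-02T08:01:59 user=alice src=10.0.1.15 action=login
2021-06-02T23:48:03 user=alice src=198.51.100.7 action=mfa_fail
2021-06-02T23:48:20 user=alice src=198.51.100.7 action=mfa_fail
2021-06-02T23:49:01 user=alice src=198.51.100.7 action=login
2021-06-02T23:49:30 user=alice src=198.51.100.7 action=sudo
"""

# Assumed baseline (would normally be learned from prior history): the
# source addresses each user has legitimately used before.
KNOWN_SOURCES = {"alice": {"10.0.1.15"}, "bob": {"10.0.2.30"}}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed corporate range
WORK_HOURS = range(7, 20)                              # 07:00-19:59, assumed
PRIV_WINDOW_SECONDS = 300                              # sudo within 5 min of login

def parse_line(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_alerts(log_text, known_sources=KNOWN_SOURCES):
    """Return a list of (timestamp, user, reason) tuples for suspicious events.

    Rules (illustrative assumptions, not a standard):
      1. login from outside INTERNAL_NETS and outside WORK_HOURS
      2. sudo within PRIV_WINDOW_SECONDS of a login from a source the user
         had never used before (baseline plus earlier lines of this log)
      3. successful login from a source that already produced >= 2 MFA failures
    """
    seen_src = defaultdict(set, {u: set(s) for u, s in known_sources.items()})
    last_login = {}                  # user -> (ts, src, source_was_new)
    mfa_fails = defaultdict(int)     # (user, src) -> failure count
    alerts = []
    for line in log_text.strip().splitlines():
        r = parse_line(line)
        user, src, action, ts = r["user"], r["src"], r["action"], r["ts"]
        if action == "mfa_fail":
            mfa_fails[(user, src)] += 1
        elif action == "login":
            source_was_new = src not in seen_src[user]
            if not is_internal(src) and ts.hour not in WORK_HOURS:
                alerts.append((ts, user, "external login outside working hours"))
            if mfa_fails[(user, src)] >= 2:
                alerts.append((ts, user, "login after repeated MFA failures"))
            last_login[user] = (ts, src, source_was_new)
            seen_src[user].add(src)
        elif action == "sudo":
            prev = last_login.get(user)
            if (prev and prev[1] == src and prev[2]
                    and (ts - prev[0]).total_seconds() <= PRIV_WINDOW_SECONDS):
                alerts.append((ts, user,
                               "privilege use shortly after first login from new source"))
    return alerts

if __name__ == "__main__":
    for ts, user, reason in find_alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {reason}")
```

Run against the sample log, the script raises three alerts, all for alice's account, while bob's routine sudo from his usual address stays quiet because his source is in the baseline. The point is that none of the three rules needs the attacker's malware to be detected; each keys on the account behaving differently from its own history, which is exactly what stolen credentials look like from the defender's side.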

