Kaspersky intelligence ranks the UAE’s most prominent APT threats

Kaspersky researchers have kept a close eye on the UAE for Advanced Persistent Threats (APT) and have worked on 49 investigative reports related to 16 cyber gangs actively targeting the country since the start of the pandemic in 2020.

Kaspersky researchers issued 49 threat intelligence reports on investigations associated with APT groups targeting the UAE. The country has the highest number of reports among all Middle Eastern countries, making it one of the most targeted countries in the region. Kaspersky has found that these APT groups primarily target the UAE’s governmental and diplomatic institutions as well as educational organizations. Other targeted entities include financial institutions, IT companies, healthcare, law firms, military and defence. Some of the notorious APT groups investigated in the UAE are SideCopy, MuddyWater, DeathStalker, Zebrocy, Turla and Lazarus.

The research team has found that Exploit Public-Facing Applications, Valid Accounts, and Phishing are the most common attack vectors against the UAE’s infrastructure. For example, the SideCopy APT group carries out malware campaigns targeting entities for espionage purposes. MuddyWater, a Middle Eastern espionage-motivated APT group, targets government, telco and oil companies to obtain information, using compromised accounts to send spearphishing emails with targeted attachments to recipients. Zebrocy is a trojan that is deployed as part of cyber espionage campaigns to collect initial data from compromised systems. The Turla APT group is known for conducting watering hole and spear phishing campaigns: it infects websites regularly visited by the targeted organizations and lures visitors to a malicious website. DeathStalker is a hacker-for-hire group that mainly focuses on cyberespionage against law firms and organizations in the financial sector. The group is known for using an iterative, fast-paced approach to software design, which enables it to execute effective campaigns. The Lazarus APT group uses the watering hole attack strategy, in which the attackers observe which websites are frequented by an organization and infect one or more of them with malware.

Abdessabour Arous, Security Researcher, GReAT, Kaspersky, commented: “Targeted threats are getting more and more sophisticated every day. Investigating and reporting on these groups provides us great visibility into their motives and movements. From each report, we are able to form deeper insights, and equip relevant stakeholders with knowledge they need to remain protected. Today, all organisations have a pressing need to stay informed, as this allows security teams to predict what the attacker’s next move would be and take appropriate steps to protect themselves against future incidents.”

Nouf Alqahtani, Cyber Threat Intelligence Senior Analyst at STC, said: “Company employees are known to be the first line of defense against cyberattacks and shoulder the responsibility to protect data, which is the most important asset of any organization. To strengthen this line and make it impenetrable, it is imperative that organizations give cybersecurity training and education an equal footing across the board within the company. Perhaps make each employee across the hierarchy compliant to learn about secure ways of operating devices, sharing data internally and externally and understand the evolving nature of cybercrime. Employees knowledgeable in cybersecurity know what red flags look like when company networks, devices and information are under threat. After employees, I believe defense is started by threat intelligence, and organizations should be driven by threat intelligence.”

Artificial Intelligence, the Internet of Things, Blockchain, Fintech, and 5G are rapidly gaining traction across the UAE’s public and private sectors. The country is poised to become a global leader in the digital economy, and increasing connectivity often correlates with an increase in targeted cyber threats. The country has geared itself up to tackle even the most challenging cybersecurity attacks by placing cybersecurity at the forefront of its digital transformation. According to the Global Cybersecurity Index, the UAE ranked second in the MENA region in its commitment towards cybersecurity, further reaffirming the government’s dedication towards improving its cybersecurity capabilities.

Kaspersky continuously monitors APT groups and provides unique ongoing access to investigations and discoveries, including full technical data, provided in a range of formats, on each APT as it emerges. Kaspersky works with legal authorities and shares intelligence needed to track and prosecute the groups behind such attacks.