Threat Zone GCC 2024


Cyber threat overview for the GCC countries in 2024
About
Threat Zone GCC 2024 is an overview of the current cyber threat landscape in countries of the Gulf Cooperation Council region. In the research, we gathered practical information about the activity clusters operating in the region, their methods, tools, and motives.

We looked at complex targeted attacks from 10 clusters that were especially active in the region from 2023 through the first half of 2024 and present an overview of their tactics, techniques, and procedures.

The publication will help you understand the methods used by adversaries to launch attacks in the Gulf countries. It provides up-to-date information for organizations to manage risks, make strategic decisions, and strengthen defenses.
In this overview, you will find:
  • Initial access techniques and examples of how adversaries find their way into the victim’s infrastructure.
  • Techniques used by adversaries to establish a foothold in the target system and the routines they utilize to achieve this goal.
  • How adversaries perform discovery inside a compromised infrastructure.
  • Common techniques used by threat actors to move laterally and further impact the infrastructure.
The report also includes a MITRE ATT&CK heat map.
Threat actor taxonomy
We classify and name the cybercriminal groups covered in this research according to their dominant motives:
  • Hyenas: hacktivism
  • Wolves: cybercrime
  • Werewolves: espionage

Report at a glance:
  • 10 activity clusters reviewed in the report
  • 8 in 10 clusters focus on espionage
Key takeaways
Contrary to the global trend of adversaries operating for financial gain, the most active clusters in the GCC are motivated by espionage.
External‑facing remote services are the most common entry points for adversaries.
PowerShell is the most common command and scripting interpreter abused by threat actors in the GCC.
Some clusters engaged in espionage leverage commercial tools available on underground marketplaces.
Adversaries active in the GCC utilize a wide range of legitimate remote access tools.
The main impact comes from the exfiltration of sensitive data.