Threats Affecting Bahrain

The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region. The post 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa appeared first on SecurityWeek .

MediumVulnerabilityAlgeriaBahrainEgypt+10

In March 2026, a China-nexus threat actor launched a sophisticated campaign targeting countries in the Arabian Gulf region, exploiting renewed Middle East conflict themes within 24 hours of escalation. The attack utilized Arabic-language lures depicting missile strikes and employed a multi-stage infection chain beginning with weaponized ZIP archives containing malicious LNK and CHM files. The campaign deployed a heavily obfuscated PlugX backdoor variant through DLL sideloading, with components using control flow flattening and mixed boolean arithmetic techniques. The backdoor supports HTTPS command-and-control communications, DNS-over-HTTPS resolution, and multiple plugins for system manipulation. Based on tools, techniques, and procedures including specific RC4 decryption keys and rapid geopolitical weaponization, the activity is attributed with medium confidence to Mustang Panda.

MediumMalwareBahrainKuwaitOman+3#china-nexus#destroyrat#arabian gulf

A new cybercriminal group, Nasir Security, believed to be associated with Iran, is targeting energy organizations in the Middle East. They focus on attacking supply chain vendors involved in engineering, safety, and construction. The group emerged in October 2025 and has claimed attacks on various energy sector companies, including Dubai Petroleum, CC Energy Development, and Al-Safi Oil Company. However, their claims are likely exaggerated, and the actual breaches appear to be of third-party contractors. The group's tactics include business email compromise, spear phishing, and exploiting public-facing applications. Their activities are seen as part of a broader Iranian strategy to conduct cyberattacks and spread misinformation during ongoing geopolitical conflicts.

MediumCampaignUnited Arab EmiratesSaudi ArabiaQatar+4#disinformation#energy sector#business email compromise

The ongoing Middle East crisis has given rise to opportunistic online fraudulent activities. Two main strands have been observed: confirmed government-impersonation fraud and suspicious evacuation-themed websites. Fraudsters are exploiting the confusion and urgency surrounding the crisis to launch phishing campaigns and create deceptive websites. A notable example includes an email impersonating UAE authorities, urging recipients to complete a mandatory emergency registration form. Additionally, several newly registered websites offering evacuation services from Dubai and the Gulf region have emerged, displaying characteristics commonly associated with scams. These sites use crisis-related domain names, employ urgent messaging, lack verifiable operator details, and often request unconventional payment methods. The situation highlights the need for increased vigilance and proactive monitoring of emerging digital threats during geopolitical crises.

MediumCampaignUnited Arab EmiratesSaudi ArabiaQatar+8#middle east crisis#evacuation scams#phishing

A China-nexus threat actor targeted countries in the Persian Gulf region using a multi-stage attack chain to deploy a PlugX backdoor variant. The campaign exploited the renewed Middle East conflict, using an Arabic-language document lure depicting missile attacks. The attack utilized a ZIP archive containing a malicious Windows shortcut file, which downloaded a CHM file leading to the deployment of PlugX. The malware employed various obfuscation techniques, including control flow flattening and mixed boolean arithmetic. The PlugX variant supported HTTPS for command-and-control communication and DNS-over-HTTPS for domain resolution. Based on the tools and tactics used, the activity is attributed to a China-nexus actor, possibly linked to Mustang Panda.

MediumMalwareUnited Arab EmiratesSaudi ArabiaQatar+4#china-nexus#korplug#middle east conflict

The ongoing conflict involving Iran has led to increased cyber espionage activities targeting Middle Eastern governments. Multiple state-sponsored threat actors, including those from China, Belarus, Pakistan, and Hamas, have been observed conducting campaigns using the conflict as a lure. These actors are employing various tactics such as credential phishing, malware delivery, and compromised accounts to target government and diplomatic organizations. The campaigns often use war-themed content to engage targets and gather intelligence on the conflict's trajectory and geopolitical implications. Iranian threat actors continue their traditional espionage efforts alongside disruptive campaigns in support of war efforts. This heightened activity reflects both opportunistic use of topical lures and shifts in intelligence collection priorities for various state-aligned groups.

MediumMalwareIranUnited Arab EmiratesSaudi Arabia+9#rust backdoor#iran conflict#cobalt strike

Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants. The post Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War appeared first on SecurityWeek .

MediumVulnerabilityUnited StatesIsraelSaudi Arabia+6

For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES AkzoNobel, a Netherlands-based global paint manufacturer, has confirmed a cyberattack affecting one of its United States sites. The company said the intrusion was contained, while the Anubis ransomware group claimed it stole […] The post 9th March – Threat Intelligence Report appeared first on Check Point Research .

MediumVulnerabilityUnited StatesNetherlandsIndia+11

Key Findings Introduction As highlighted in the Cyber Security Report 2026, cyber operations have increasingly become an additional tool in interstate conflicts, used both to support military operations and to enable ongoing battle damage assessment (BDA). During the 12-day conflict between Israel and Iran in June 2025, the compromise of cameras was likely used to support […] The post Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East appeared first on Check Point Research .

HighVulnerabilityIsraelUnited Arab EmiratesQatar+4

Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby. The post Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters appeared first on SecurityWeek .

HighVulnerabilityUnited Arab EmiratesBahrainSaudi Arabia+7