⚠️ Region Alert: UAE/Middle East
Recent Unit 42 research highlights a significant escalation in Iranian cyber activity, following a 47-day internet blackout within the country. A major shift has been observed in the tactics of threat groups like CL-STA-1128 (Cyber Av3ngers), who are now targeting operational technology (OT) and industrial control systems (ICS) manufactured by Rockwell Automation. These actors are utilizing specialized software and scanning for internet-exposed PLCs to facilitate exploitation, representing a move beyond their traditional focus on simpler programmable logic controllers.
Simultaneously, a massive wave of conflict-themed phishing and financial fraud is targeting the United Arab Emirates, Dubai, and Saudi Arabia. Attackers are impersonating government authorities, utility providers, and logistics companies like Emirates Post to steal credit card data and credentials. These operations leverage sophisticated evasion techniques, including top-level domain rotation and the deployment of the StealC infostealer, while hacktivist collectives continue to launch DDoS and wiper attacks against regional infrastructure.