In this International Security Journal exclusive, Praveen Jaiswal, COO of Vehere, discusses how geopolitical issues are changing the way cyber-strategy is managed in the Middle East.
Since the end of World War II, the Middle East has become a focal point for major global powers due to its strategic trade routes and vast natural resources.
Beyond physical warfare and bombardment, the rise of sophisticated cyber-attacks in the region has led Middle East businesses to invest billions of dollars in strengthening their network security and securing the personal information of their people.
How and why are geopolitical tensions driving cyber-attacks?
According to recent research, cyber-attacks targeting critical infrastructure across the Middle East are skyrocketing. Here’s why:
- Cyber is now the fifth operational domain
Waging war against countries in cyberspace is cheaper than armed conflict and harder to trace. It allows a nation to strike a blow without declaring an official war. Check Point notes that this region faces far more attacks than the global average because of deep-rooted rivalries.
- Physical conflict triggers digital conflict
When fighting starts on the ground, hacking starts online. This has been noticeable in recent conflicts.
- Destabilising infrastructure
GCC countries rely heavily on oil and gas, ports and shipping, aviation, government services and telecoms, and attackers understand exactly how critical these systems are.
They attack to shut down or sabotage daily operations, or to steal confidential national secrets.
- Spike in hacktivist activity
The presence of hacking groups such as Predatory Sparrow or Anonymous Sudan further escalates the situation.
They shut down websites, leak confidential data and try to take public services offline. They add a layer of chaos and unpredictability to the conflict.
Timeline of recent escalations
Recent escalations include:
- In July 2022, Iranian steel facilities experienced an operational disruption claimed by Predatory Sparrow
- In August 2022, Kuwait government websites experienced DDoS attacks claimed by Anonymous Sudan
- In January 2023, a UAE oil and gas firm experienced a ransomware attack claimed by LockBit
- In March 2023, Israeli universities experienced data breaches and leaks suspected to be a MuddyWater attack
- In October 2023, Israeli government portals experienced a huge DDoS attack claimed by pro-Hamas hacktivist groups
- In December 2023, Bahrain Telecom experienced a network intrusion suspected to be the work of APT34
- In February 2024, Saudi infrastructure experienced a supply-chain compromise claimed by an Iranian-linked APT
- In April 2024, the Oman banking sector experienced credential theft claimed by a financially motivated APT
- In August 2024, Israeli healthcare experienced data exfiltration claimed by Anonymous Sudan
- In January 2025, Qatar LNG infrastructure experienced an ICS/OT intrusion attempt that remains unattributed (nation-state APT)
How are cyber-attacks evolving?
- From spying to breaking things – Historically, hacking or infiltration was limited to data theft, but state-backed adversaries are now increasingly targeting power grids and other critical infrastructure and taking them offline. They also leak embarrassing data to stir political unrest and conflict
- Targeting the machinery (OT) – Oil refineries and water plants run on Operational Technology (OT). These systems were once considered safe, but they are now prime targets because of rapid modernisation and the convergence of IT (Information Technology) and OT. Attacks on these cyber-physical systems happen multiple times a year
- Sending a diplomatic message – Countries use cyber-attacks to send a “signal” to their enemies. It is an intimidation tactic – their way of saying “We can hurt you, so back off” without actually launching a physical attack
- AI is making attacks more complex and intense – Artificial Intelligence significantly enhances attacker capabilities. For instance, threat actors are now using AI to write personalised, targeted and convincing phishing emails and to create malware that mutates its code automatically to evade defenses. This makes cybersecurity even more complicated than it is today
How can organisations in the Middle East defend themselves better?
Run detection and response, not just on endpoints, but also on the network:
- Phishing, credential theft and vulnerability exploitation are the top initial access vectors in enterprises
- Such attacks leave little or no footprint on the endpoint, and attackers remain dormant in environments for days, waiting for the right moment to strike
- Organisations must invest in cybersecurity systems like Network Detection and Response (NDR) to detect lateral movement, beaconing, evasive malware and other types of low and slow attacks
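To make the "low and slow" point concrete, here is a minimal beaconing check of the kind an NDR pipeline runs over flow records. It is an illustration added for this article, not code from Vehere or any NDR product. It assumes NetFlow-style tuples of (timestamp, source, destination, port, bytes out) and works on constructed sample flows; the thresholds (at least eight connections, coefficient of variation of the inter-arrival gaps at or below 0.1) are assumptions to tune against your own traffic baseline.

```python
"""Beaconing detector over constructed NetFlow-style records.

Added illustration only: flags source/destination pairs whose outbound
connections recur at a near-constant interval, the machine-regular cadence
of implant check-ins that leaves little trace on the endpoint. All flows
and thresholds below are constructed for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out)
SAMPLE_FLOWS = [
    # host A: a check-in every ~300 s with tiny jitter to one external host
    *[(1_700_000_000 + 300 * i + (i % 3), "10.0.1.25", "203.0.113.7", 443, 512)
      for i in range(12)],
    # host B: ordinary browsing, irregular gaps to a CDN
    *[(1_700_000_000 + g, "10.0.1.40", "198.51.100.10", 443, 40_000)
      for g in (5, 11, 120, 127, 900, 2_300, 2_315, 3_000)],
    # host C: too few connections to judge either way
    (1_700_000_000 + 10, "10.0.1.55", "192.0.2.9", 8080, 100),
    (1_700_000_000 + 500, "10.0.1.55", "192.0.2.9", 8080, 100),
]


def group_intervals(flows):
    """Return {(src, dst, port): [gap1, gap2, ...]} of seconds between successive flows."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_pair[(src, dst, port)].append(ts)
    intervals = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        intervals[pair] = [b - a for a, b in zip(stamps, stamps[1:])]
    return intervals


def beacon_score(gaps):
    """Coefficient of variation of the gaps: close to 0 means machine-regular timing."""
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(flows, min_connections=8, max_cv=0.1):
    """Flag pairs with enough connections and a very regular cadence.

    min_connections and max_cv are assumed starting points; tune them on
    your own baseline so scheduled jobs and update checks do not swamp analysts.
    """
    hits = []
    for (src, dst, port), gaps in group_intervals(flows).items():
        if len(gaps) + 1 < min_connections:
            continue
        cv = beacon_score(gaps)
        if cv is not None and cv <= max_cv:
            hits.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(gaps) + 1,
                "mean_interval_s": round(mean(gaps), 1),
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(hit)
```

Only host A is reported: twelve connections roughly 300 seconds apart with a coefficient of variation near zero. Host B's browsing has the same destination count but wildly varying gaps, and host C has too few connections to score, which is why a minimum connection count matters as much as the regularity threshold.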
Train employees:
- The human element is the biggest vulnerability in organisations
- Delivering regular cybersecurity training helps employees become more vigilant, and following security best practices makes them more resilient
- Encouraging employees to use complex passwords, verify urgent requests via a secondary channel and report any suspicious activity helps transform them from potential targets into a robust defensive layer
Leverage Identity and Access Management (IAM):
- Implementing Multi Factor Authentication (MFA) ensures that even if credentials get compromised, threat actors encounter additional layers of security
- Enforcing the Principle of Least Privilege (PoLP) lets organisations restrict access to resources to only those users who require it
- Regularly reviewing and revoking dormant accounts, monitoring login patterns for anomalies and enforcing strong password policies dramatically reduce the risk of credential abuse – one of the most common and heavily abused attack vectors in the Middle East
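The two review tasks in the last point, finding dormant accounts and spotting anomalous login patterns, are simple to automate over identity-provider audit data. The script below is an added illustration, not any IAM vendor's code. It assumes an account inventory keyed by last successful login, login events as (timestamp, account, country, success) tuples, a 90-day dormancy threshold and a "more than five failures in fifteen minutes" burst threshold; all records and thresholds are constructed for the example.

```python
"""Identity hygiene checks over constructed identity-provider audit data.

Added illustration only: finds accounts dormant beyond a review threshold,
successful logins from a country the account has never used, and a success
that follows a burst of failures (the shape of a password-spray or
brute-force attempt that finally landed). Every record and threshold below
is constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)  # constructed "current time"
DORMANCY_DAYS = 90                                  # assumed review threshold

# Constructed inventory: account -> last successful login
ACCOUNTS = {
    "alice": NOW - timedelta(days=3),
    "bob": NOW - timedelta(days=120),         # departed contractor
    "svc-backup": NOW - timedelta(days=200),  # forgotten service account
    "carol": NOW - timedelta(days=45),
}

# Constructed login events: (timestamp, account, country, success)
EVENTS = [
    (NOW - timedelta(days=30), "alice", "AE", True),
    (NOW - timedelta(days=20), "alice", "AE", True),
    (NOW - timedelta(hours=2), "alice", "AE", True),
    (NOW - timedelta(hours=1), "alice", "RU", True),   # country never seen for alice
    *[(NOW - timedelta(minutes=10 - i), "carol", "SA", False) for i in range(6)],
    (NOW - timedelta(minutes=3), "carol", "SA", True),  # success right after 6 failures
    (NOW - timedelta(days=1), "dave", "QA", False),     # single failure, likely a typo
]


def dormant_accounts(accounts, now=NOW, days=DORMANCY_DAYS):
    """Accounts whose last successful login is older than the threshold."""
    cutoff = now - timedelta(days=days)
    return sorted(user for user, last in accounts.items() if last < cutoff)


def new_country_logins(events):
    """Successful logins from a country absent from that account's earlier successes."""
    seen = defaultdict(set)
    alerts = []
    for ts, user, country, ok in sorted(events):
        if not ok:
            continue
        if seen[user] and country not in seen[user]:
            alerts.append((user, country, ts))
        seen[user].add(country)
    return alerts


def failure_bursts(events, max_failures=5, window=timedelta(minutes=15)):
    """A success preceded by more than max_failures failures inside the window."""
    by_user = defaultdict(list)
    for ev in sorted(events):
        by_user[ev[1]].append(ev)
    alerts = []
    for user, evs in by_user.items():
        for i, (ts, _, _, ok) in enumerate(evs):
            if not ok:
                continue
            recent = sum(1 for t, _, _, k in evs[:i] if not k and ts - t <= window)
            if recent > max_failures:
                alerts.append((user, recent, ts))
    return alerts


if __name__ == "__main__":
    print("dormant accounts:", dormant_accounts(ACCOUNTS))
    print("new-country logins:", new_country_logins(EVENTS))
    print("failure bursts:", failure_bursts(EVENTS))
```

On the constructed data, bob and svc-backup fall past the dormancy cutoff and should be reviewed and disabled, alice's login from a never-seen country is flagged for verification through a secondary channel, and carol's success after six rapid failures is flagged because it is exactly the pattern MFA is meant to stop; dave's single failed attempt produces no alert, which keeps the output actionable.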
Conclusion
Cybersecurity is no longer just an IT issue; it is a critical business issue. A single breach in a critical sector like energy or finance can cost millions in minutes.
Organisations must shift to network-based defenses like NDR, which proactively hunt for suspicious behaviour rather than waiting for known threats to strike.
Investing in cybersecurity training for employees and in identity and access management tools helps build a proactive defense layer and makes organisations more resilient over time.