{"id":77762,"date":"2025-06-18T11:31:16","date_gmt":"2025-06-18T08:31:16","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=77762"},"modified":"2025-06-18T11:31:17","modified_gmt":"2025-06-18T08:31:17","slug":"report-advanced-cyberattacks-hit-middle-east-critical-infrastructure-over-two-years","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2025\/06\/18\/report-advanced-cyberattacks-hit-middle-east-critical-infrastructure-over-two-years\/","title":{"rendered":"Report: Advanced Cyberattacks Hit Middle East Critical Infrastructure Over Two Years"},"content":{"rendered":"\n

FortiGuard Labs Uncovers Advanced Espionage Campaign Targeting IT\/OT Systems<\/strong><\/em><\/p>\n\n\n\n

\u00a073% of OT Firms Targeted as Cyberattacks Escalate Across Critical Sectors<\/strong><\/em><\/p>\n\n\n\n

TheFortiGuard Labs\u2019 Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East.<\/p>\n\n\n\n

The intrusion, attributed to a state-sponsored threat actor, involved sustained espionage operations and suspected network prepositioning. Over the course of nearly two years, the threat actor deployed novel malware, bypassed network segmentation, and made repeated attempts to maintain access across segmented IT and OT environments.<\/p>\n\n\n\n

Advanced Malware and Persistent Access<\/strong><\/p>\n\n\n\n

The multi-phase intrusion detailed by FGIR spanned from 2023 to early 2025. The attacker initially gained entry using compromised VPN credentials, then established footholds using multiple custom backdoors including HanifNet, HXLibrary, and NeoExpressRAT. They bypassed segmentation using proxy tools such as Ngrok, ReverseSocks5, and plink, and targeted virtualization infrastructure to deepen access.<\/p>\n\n\n\n

While no confirmed disruption to OT systems was observed, the report notes significant reconnaissance activity in restricted environments \u2014 emphasizing the need for heightened defense across converged IT\/OT networks.<\/p>\n\n\n\n

The operation unfolded across four stages: initial compromise, consolidation of access, adversary response to containment, and attempted re-entry via exploitation of third-party software and phishing attacks. Even after being removed from the network, the threat actor made repeated efforts to re-establish access \u2014 signalling a long-term strategic objective.<\/p>\n\n\n\n

OT Security Faces Escalating Threats<\/strong><\/p>\n\n\n\n

According to Fortinet\u2019s 2024 State of Operational Technology and Cybersecurity Report<\/a>, 73% of OT organizations globally have now experienced cyber intrusions \u2014 up from 49% in 2023 \u2014 with targeted OT-only attacks also rising from 17% to 24%.<\/p>\n\n\n\n

This trend mirrors the patterns observed in the latest investigation, where state-linked actors deployed advanced malware, evaded detection, and used phishing and software exploitation to reestablish access after remediation efforts. For this reason, we are seeing responsibility for OT cybersecurity increasingly shifting to the CISO, CIO, and COO, with 60% of organizations reporting executive-level oversight.<\/p>\n\n\n\n

Regional Threat Activity on the Rise<\/strong><\/p>\n\n\n\n

Fortinet\u2019s 2025 Global Threat Landscape Report<\/a> also confirms that state-sponsored groups remain highly active, targeting government, technology, and education sectors. Interestingly, over 60% of hacktivist campaigns globally were linked to geopolitical causes. The Middle East also remains a high-risk region for cyber activity, with the EMEA region accounting for 26% of recorded global exploitation attempts.<\/p>\n\n\n\n

Defensive Recommendations<\/strong><\/p>\n\n\n\n

To defend against such persistent and well-resourced adversaries, the FortiGuard team recommends that organizations prioritize the following defensive measures:<\/p>\n\n\n\n