Since conflict began with a wave of air and missile strikes against Iran in February, the number of phishing and malware campaigns targeting Gulf countries has risen sharply.
In an article published by cyber security firm Bitdefender, titled “War in the Middle East Triggers Surge in Phishing and Malware Campaigns Targeting Gulf Countries”, security analyst Alina Bizga outlined several evolutions flowing from the conflict.
Activity spiked from 28 February and hasn’t really gone away since, though there has been some fluctuation. That said, activity can peak for days at a time, and often relies upon business-themed lures such as invoices, contracts, banking, and deliveries.
Attackers are also relying on a raft of techniques, from fileless PowerShell chains to remote access Trojans written in Java, and take advantage of multi-stage attacks to achieve stealthy persistence.
“The phishing and malware campaigns we’ve observed are highly opportunistic. The Gulf is a high-value region due to its role in global energy, finance and trade, and the broader disruption following the escalation has created conditions where normal business operations may be under pressure,” Bizga told Cyber Daily.
“In this context, phishing campaigns that mimic routine communication such as invoices, contracts, or banking requests are more likely to succeed, as they blend into existing workflows during periods of uncertainty.”
At this stage, Bitdefender is unable to directly attribute the activity to particular state-sponsored actors, but believes that criminal actors may also be taking advantage of the fighting.
Bizga noted that attackers are capable of shifting their narratives to keep pace with real-world developments and refine their delivery techniques – particularly in high-pressure environments.
“The shift towards business-context phishing is key, as these emails don’t look malicious; they look like work. When you combine that with conflict-driven urgency and supply chain uncertainty, the likelihood of engagement increases significantly. That initial access is what enables more complex, multi-stage attacks to follow,” Bizga said.
Bizga also admitted that these kinds of campaigns are rarely limited to a single region.
“The techniques involved, including staged malware delivery and the leveraging of common infrastructure, are widely used and can be adapted to different industries and geographies,” Bizga said.
“While the activity observed here is focused on Gulf countries, similar approaches may be used in other contexts where they align with local business practices and communication patterns.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.