Kaspersky reveals that the Middle East, Turkiye, and Africa are a focus for 25 Advanced Persistent Threat (APT) groups tracked since early 2024. The findings show that these groups target financial services, critical infrastructure, defence, and government entities, while also extending their reach into commercial and emerging industries.
The research shows a diverse threat landscape, with both established and emerging groups active across the region. For example, the Griffith group consistently targets the financial services industry across multiple countries, while SideWinder demonstrates a wide geographic scope and industry reach and mainly focuses on espionage. Additionally, Kaspersky experts have observed campaigns from the APT Evasive Panda and Cloud Atlas, both active in Turkiye.
Kaspersky researchers note that initial access by the majority of APTs targeting the region is often gained through socially engineered spear-phishing campaigns. Once inside, these threat actors prioritise stealth, frequently masquerading as legitimate services or routine scheduled tasks. This approach enables them to remain undetected within networks for extended periods, in some cases months or even years, while continuing to gather intelligence or prepare for further attacks.
“When we analyse APT activities in the region, what stands out is how quickly their methods adapt,” said Maher Yamout, Lead Security Researcher at Kaspersky. “We’re seeing attackers’ experiment with new exploits, expand into uncommon sectors, and in some cases, test the waters in countries that were previously less affected. It’s a clear reminder that no industry or organisation is off the radar for advanced attackers.”
To help organisations protect their IT infrastructure against sophisticated targeted attacks, Kaspersky security experts recommend the following measures:
- Use multilayered security solutions such as from the Kaspersky Next product line, further strengthening defences with an enterprise-grade security solution that detects advanced threats at an early stage, such as Kaspersky Anti Targeted Attack Platform.
- Monitor third party IT service providers and require continuous inspection of access within supply-chain.
- Specialised solutions for critical infrastructures, such as Kaspersky Industrial Cyber Security, ensure comprehensive protection for all systems.
- Equip cybersecurity teams with Threat Intelligence to allow them to stay ahead of APTs.
- Educate employees depending on their IT knowledge with cybersecurity courses such as those available within Kaspersky Security Awareness Platform.
To learn more about Kaspersky’s Threat Intelligence, click here.
