Financial services, critical infrastructure, and defense sectors emerge as prime targets for 25 APT groups, highlighting a surge in regional cyber espionage and targeted attacks.
Kaspersky has identified 25 Advanced Persistent Threat (APT) groups actively targeting the Middle East, Turkiye, and Africa since early 2024, underscoring an increasingly volatile cyber landscape. The firm’s latest intelligence indicates that financial institutions, defense, government, and critical infrastructure sectors remain the most frequent victims, while commercial and emerging industries are becoming new points of interest for advanced attackers.
Among the notable groups, Griffith has maintained a consistent focus on financial entities across several countries, while SideWinder continues to operate with a broad geographical and industrial reach — primarily engaging in espionage activities. Other prominent campaigns include those from Evasive Panda and Cloud Atlas, both of which have shown sustained activity in Turkiye.
“What stands out is how quickly attackers’ methods adapt. They’re experimenting with new exploits, expanding into uncommon sectors, and testing countries that were previously less affected.”
— Maher Yamout, Lead Security Researcher, Kaspersky
Kaspersky researchers report that the initial entry vector for most APT operations remains spear-phishing, leveraging sophisticated social engineering to gain access. Once inside networks, these adversaries employ stealth tactics, disguising themselves as legitimate services or routine tasks — often maintaining undetected persistence for months or even years.
Yamout notes that APT behavior across the META region reflects a strategic evolution. Attackers are testing new exploits and expanding geographically, signaling that no industry is immune from targeted attacks.
To mitigate these evolving risks, Kaspersky advises enterprises to deploy multilayered security architectures, including the Kaspersky Next product line and Anti Targeted Attack Platform. Additional recommendations include continuous monitoring of third-party vendors, deploying industrial-grade security solutions, and empowering teams through Threat Intelligence and cybersecurity awareness training via the Kaspersky Security Awareness Platform.
Kaspersky will be showcasing its Threat Intelligence solutions at GITEX Global 2025 (Stand H25, B35), where experts will demonstrate the latest tools to detect and respond to advanced threats.
