Kaspersky says that the Middle East, Turkiye, and Africa (META) region is a focus for 25 Advanced Persistent Threat (APT) groups tracked since early 2024, which are targeting financial services, critical infrastructure, defence, and government entities, as well as certain commercial and emerging industries.

The research shows a diverse threat landscape with both established and emerging groups active across the region.

For example, the Griffith group consistently targets the financial services industry across multiple countries, while SideWinder demonstrates a wide geographic scope and industry reach and mainly focuses on espionage. Additionally, Kaspersky experts have observed campaigns from the APT groups Evasive Panda and Cloud Atlas, both active in Turkiye.

Kaspersky researchers note that initial access by the majority of APTs targeting the region is often gained through socially engineered spear-phishing campaigns. Once inside, these threat actors prioritise stealth, frequently masquerading as legitimate services or routine scheduled tasks. This approach enables them to remain undetected within networks for extended periods – in some cases months or even years – while continuing to gather intelligence or prepare for further attacks.

“When we analyse APT activities in the region, what stands out is how quickly their methods adapt,” says Maher Yamout, lead security researcher at Kaspersky. “We’re seeing attackers experiment with new exploits, expand into uncommon sectors and, in some cases, test the waters in countries that were previously less affected. It’s a clear reminder that no industry or organisation is off the radar for advanced attackers.”