Report: Advanced Cyberattacks Hit Middle East Critical Infrastructure Over Two Years

Mid East Info, 3 days ago

FortiGuard Labs Uncovers Advanced Espionage Campaign Targeting IT/OT Systems
73% of OT Firms Targeted as Cyberattacks Escalate Across Critical Sectors
The FortiGuard Labs' Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East.
The intrusion, attributed to a state-sponsored threat actor, involved sustained espionage operations and suspected network prepositioning. Over the course of nearly two years, the threat actor deployed novel malware, bypassed network segmentation, and made repeated attempts to maintain access across segmented IT and OT environments.
Advanced Malware and Persistent Access:
The multi-phase intrusion detailed by FGIR spanned from 2023 to early 2025. The attacker initially gained entry using compromised VPN credentials, then established footholds using multiple custom backdoors including HanifNet, HXLibrary, and NeoExpressRAT. They bypassed segmentation using proxy tools such as Ngrok, ReverseSocks5, and plink, and targeted virtualization infrastructure to deepen access.
While no confirmed disruption to OT systems was observed, the report notes significant reconnaissance activity in restricted environments — emphasizing the need for heightened defense across converged IT/OT networks.
The operation unfolded across four stages: initial compromise, consolidation of access, adversary response to containment, and attempted re-entry via exploitation of third-party software and phishing attacks. Even after being removed from the network, the threat actor made repeated efforts to re-establish access — signalling a long-term strategic objective.
OT Security Faces Escalating Threats:
According to Fortinet's 2024 State of Operational Technology and Cybersecurity Report, 73% of OT organizations globally have now experienced cyber intrusions — up from 49% in 2023 — with targeted OT-only attacks also rising from 17% to 24%.
This trend mirrors the patterns observed in the latest investigation, where state-linked actors deployed advanced malware, evaded detection, and used phishing and software exploitation to reestablish access after remediation efforts. For this reason, we are seeing responsibility for OT cybersecurity increasingly shifting to the CISO, CIO, and COO, with 60% of organizations reporting executive-level oversight.
Regional Threat Activity on the Rise:
Fortinet's 2025 Global Threat Landscape Report also confirms that state-sponsored groups remain highly active, targeting government, technology, and education sectors. Interestingly, over 60% of hacktivist campaigns globally were linked to geopolitical causes. The Middle East also remains a high-risk region for cyber activity, with the EMEA region accounting for 26% of recorded global exploitation attempts.
Defensive Recommendations:
To defend against such persistent and well-resourced adversaries, the FortiGuard team recommends that organizations prioritize the following defensive measures:
  • Enforcing multi-factor authentication (MFA) and regular credential rotation
  • Deploying zero-trust architecture and network segmentation
  • Implementing endpoint detection and response (EDR) and behavioural analytics
  • Conducting regular penetration testing and incident response readiness exercises
This investigation highlights the persistent and evolving nature of state-backed cyber threats targeting Middle Eastern CNIs, and a growing need for continuous monitoring, adaptive defense strategies, and coordinated threat intelligence to protect critical infrastructure in the face of sophisticated cyber threats.


Related Articles

Mideast infrastructure hit by advanced, 2-year cyber-espionage attack: Fortinet

Daily News Egypt, 3 days ago

A state-sponsored hacking group conducted a nearly two-year cyber-espionage campaign targeting critical national infrastructure (CNI) in the Middle East, using novel malware to breach and maintain access across both IT and operational technology (OT) networks, according to a new report. The investigation by Fortinet's FortiGuard Labs Incident Response (FGIR) team detailed a persistent intrusion from 2023 to early 2025, which involved sustained espionage and suspected network prepositioning for potential future attacks. During the multi-phase operation, the threat actor gained initial entry using compromised VPN credentials and deployed multiple custom backdoors, including malware identified as HanifNet, HXLibrary, and NeoExpressRAT. The group then bypassed network segmentation using proxy tools such as Ngrok and ReverseSocks5 to move between the organisation's information technology (IT) and operational technology (OT) environments. While the report confirmed no disruption to OT systems, it noted significant reconnaissance activity within these restricted networks. The attackers also targeted virtualisation infrastructure to deepen their access. Even after being removed from the network, the group made repeated attempts to re-establish a foothold by exploiting third-party software and using phishing attacks, signalling a long-term strategic objective. The findings mirror a broader trend detailed in Fortinet's 2024 State of Operational Technology and Cybersecurity Report. According to that report, 73% of OT organisations globally have now experienced cyber intrusions, a significant increase from 49% in 2023. Attacks targeting OT systems specifically also rose to 24%, up from 17% the previous year. This trend has led to a shift in oversight, with 60% of organisations now reporting that responsibility for OT cybersecurity rests at the executive level with the CISO, CIO, or COO. 
Fortinet's 2025 Global Threat Landscape Report also noted that state-sponsored groups remain highly active, primarily targeting government, technology, and education sectors. The Middle East remains a high-risk region, with Europe, the Middle East, and Africa (EMEA) accounting for 26% of all recorded global exploitation attempts. The report also linked over 60% of global hacktivist campaigns to geopolitical causes. To defend against such persistent and well-resourced adversaries, FortiGuard Labs recommends that organisations prioritise several key defensive measures. These include enforcing multi-factor authentication (MFA) and regular credential rotation, deploying a zero-trust architecture with network segmentation, and implementing endpoint detection and response (EDR) with behavioural analytics. The report concluded that this investigation highlights the evolving nature of state-backed cyber threats and underscores the growing need for continuous monitoring and adaptive defence strategies to protect critical infrastructure.

Egypt's PM Madbouly to open Cairo ICT 2024 Sunday

Daily News Egypt, 16-11-2024

Egypt's Prime Minister Mostafa Madbouly will open the Cairo ICT 2024 exhibition and conference on Sunday, 17 November, on behalf of President Abdel Fattah Al-Sisi. The event, running until 20 November at the Egypt International Exhibition Centre, is expected to attract over 100,000 visitors and more than 600 exhibitors. This 28th edition of Cairo ICT, themed 'The Next Wave,' will highlight the latest technological advancements and future trends shaping industries, economies, and societies. Organised by Trade Fairs International, a subsidiary of United Media Services, under the patronage of President Al-Sisi and Minister of Communications and Information Technology Amr Talaat, the event comprises several key exhibitions. The conference will feature the 11th PAFIX Payment Technologies and Digital Inclusion Exhibition (sponsored by the Central Bank of Egypt); the 6th IntelliCities international Smart Cities and Digital Infrastructure Exhibition; the 3rd Satcom Satellite Communications Exhibition; and the 4th Connecta International Youth Technology Exhibition, which will include Shennovates, a forum for female innovators aged 14-24. This year also marks the launch of AIDC, the first exhibition and conference in the Middle East and Africa dedicated to artificial intelligence (AI), data centres, and cloud computing. Over four days, Cairo ICT 2024 will host workshops, panel discussions, and interactive sessions led by global technology experts. Key topics include the impact of AI on data centres; practical cybersecurity training; blockchain and cryptocurrencies; smart city development; and integrating innovation into the Internet of Things. Further sessions will explore AI's effects on cloud computing and data centres; big data analytics; next-generation communications; satellite technology innovations; and practical applications of AI and machine learning. 
The event boasts a wide range of sponsors, including Dell Technologies, E-Finance for Digital and Financial Investments, Commercial International Bank Egypt (CIB), Huawei, Orange Egypt, EgyptAir, Telecom Egypt, Mastercard, the Information Technology Industry Development Agency (ITIDA), Fortinet, I&N Enterprise, Benya Group, Khazna, Seychelles, Shaker Group, ICT Misr, IoT Misr, Network International, Cassava Technologies, and Egypt Trust. Organisers envision Cairo ICT 2024 as a key platform uniting technological innovation with Egypt's broader digital transformation strategy. The anticipated high attendance and significant exhibitor participation underscore its potential to foster innovation and partnerships within the technology sector.
