Gulf systems targeted by wave of war-linked cyberattacks

• 100 attacks in first 72 hours of war
• Hackers target banks, telcos and airports
• Minor disruption despite increase

Cyberattacks targeting Gulf institutions have surged as military action by the US and Israel against Iran has escalated, reinforcing how modern conflict is spilling into digital infrastructure and impacting key industries.

Banks, telecom operators, aviation systems and government platforms across the Gulf have all been targeted, according to cybersecurity and intelligence companies monitoring forums on the dark web – a hidden part of the internet that allows users to operate anonymously – and messaging platforms such as Telegram.

More than 60 hacker groups or collectives mobilised within hours of the start of the conflict and over 100 cyber incidents were recorded across the Middle East in the first 72 hours, analysts said.

Most attacks were relatively unsophisticated and operational disruption has so far been limited.

But the ease of launching such attacks is lowering the barrier to disruption. This includes website defacements, distributed-denial-of-service (DDoS) attacks – when a website is overwhelmed with traffic to render it unusable – and attempted intrusions into financial and government systems.

“For $100 you can access a DDoS toolkit for a month and launch unlimited attacks,” said Manohar Reddy Pagilla, a threat researcher at cybersecurity company CloudSEK. Stolen corporate credentials circulating in cybercrime markets can cost as little as $10, he added.

The targets reflect the strategic importance of Gulf economies to global energy and trade.

Entities cited in attack claims include Saudi Arabia’s Riyad Bank and Al Rajhi Bank, Kuwait International Airport, Bahrain’s Batelco, UAE telecom operator du and a number of government ministries in the GCC.

The companies have not yet responded to requests for comment.

“Cyberattacks on energy infrastructure, ports and aviation systems can create unpredictable market conditions, halt exports and trigger cascading shortages for commodities like oil,” said Morey Haber, chief security adviser at software management company, BeyondTrust.

The Gulf is particularly exposed. Digital systems corroborate oil shipping schedules, airline operations and financial transactions across hubs such as Dubai, Riyadh and Doha.

The average cost of a cybersecurity breach in the Middle East is about $8 million, nearly double the global average of $4.45 million, according to the World Economic Forum.

Governments across the GCC are investing in digital defences and the region’s cyber-threat intelligence market is expected to exceed $31 billion by 2030.

“The cyber spillover from the [US-Israel and Iranian] escalation is already affecting Gulf economies mainly through disruption and defensive costs, rather than confirmed destructive attacks and concrete numbers on their direct financial cost,” said Marwan Hachem, founder of cyber security company FearsOff. 

While Gulf readiness is stronger than a decade ago, Haber said that preparedness still varies by sector. “Persistent weaknesses remain around identity security, third-party access, operational-technology visibility and coordination between public and private responders.”

Many attacks appear designed to generate publicity rather than lasting disruption. “They make a lot of noise,” Pagilla said.

Hacktivist collectives, ransomware operators – cybercriminals who lock victims’ data and demand payment to restore access – and brokers of stolen data have been the most active. Analysts say such groups often exaggerate attacks on high-profile organisations to damage reputations and amplify political messaging.

Several Iran-aligned hacktivist groups, including Handala, DieNet and Ghost Princess, have claimed responsibility for attacks on regional infrastructure during the latest escalation, according to CloudSEK.

Even a brief disruption to service can carry significant costs, analysts say. If a banking system goes offline for just a few minutes, it can translate into millions of dollars in interrupted transactions.

UAE banks Abu Dhabi Commercial Bank and First Abu Dhabi Bank reported prolonged interruptions over the past week, although it cannot be confirmed if they were related to cyberattacks. Neither bank responded to AGBI’s request for comments. 

The financial impact is rarely immediate. Losses tend to emerge over time, particularly when stolen data begins circulating in underground markets.

Once credentials or internal data are leaked and sold, affected companies remain exposed. They often face repeated intrusion attempts for months as attackers exploit the information.

“Now that the region is on attackers’ radar, the implications will likely emerge over the next six months to a year,” Pagilla said.

Cyber operations have long featured in geopolitical confrontation. The Stuxnet worm – widely attributed to US and Israeli intelligence – sabotaged Iranian nuclear centrifuges more than a decade ago.

Russia’s campaigns against Ukraine have demonstrated how cyber tools can disrupt power grids, deploy destructive malware and shape information flows at scale. The 2017 NotPetya attack, for example, initially targeted Ukrainian networks but spread globally and caused an estimated $10 billion in damage to multinational companies, according to academics.

“The longer-term implication is that cyber operations are now fully integrated into military conflict,” Hachem said.

“For highly digitised Gulf economies, cyber resilience and protection of financial and energy systems will become an even more critical element of national security,” he added.