Attack Tracker: Top 10 Cyber Attacks (UAE, Gulf & Global)

1. UAE | Ongoing — DDoS, Intrusion & Ransomware | Iran-Linked Groups (DieNet, 313 Team, Handala)
Region/Country: United Arab Emirates | Attack Type: DDoS, Intrusion, Data Leak, Wiper Malware | Threat Actor: Iran-linked hacktivist collective (DieNet, 313 Team, Handala)
Summary: UAE cybersecurity authorities reported cyberattacks on digital infrastructure tripling from 200,000 to 600,000 since the onset of regional conflict, with targeting evolving from symbolic website defacements toward financial institutions, aviation systems, and law enforcement platforms. As of this reporting period, between 500,000 and 700,000 cyberattack attempts per day are being recorded against UAE infrastructure, with AI automation enabling unprecedented attack velocity and a 340% increase in AI-driven breaches in the preceding six months.[^33][^32]
Source: The National — https://www.thenationalnews.com/future/technology/2026/04/10/iranian-cyber-attacks-move-from-disruptive-to-complex-threats-in-gulf/


2. UAE (Fujairah) | Port of Fujairah Cyber-Physical Attack | Handala (Iran-Linked)
Region/Country: UAE — Fujairah | Attack Type: Cyber-Physical / Data Exfiltration | Threat Actor: Handala Hack (Iran-aligned)
Summary: Handala Hack, a major Iran-linked group, claimed to have breached sensitive systems at the Port of Fujairah — a critical UAE oil hub — in coordination with a drone and missile strike, allegedly releasing over 430,000 classified documents including oil pipeline maps, ship movement data, and financial records. Iran appears to be using cyber-physical attack threats to deter the UAE from further military cooperation with the United States, according to Dow Jones assessment.[^45][^46]
Source: Dow Jones Business Intelligence — https://www.dowjones.com/business-intelligence/blog/uae-iran-claims-cyber-physical-attack/


3. UAE / Gulf Region | Phishing Campaigns Targeting Emirates and Dubai-Branded Domains | Financially Motivated Threat Actors
Region/Country: UAE | Attack Type: Financial Fraud, Credential Phishing, Crypto Scams | Threat Actor: Unattributed financially motivated actors
Summary: Palo Alto Networks Unit 42 identified two separate malicious campaign clusters targeting UAE residents: one exploiting brands with “Emirates” in the name for financial fraud, and a second using “Dubai”-branded domains to deliver crypto and investment scams leveraging high-value real estate and luxury lifestyle lures. A social engineering vishing campaign was also identified targeting UAE individuals to steal credentials by capitalizing on regional conflict narratives.[^47]
Source: Unit 42 — Palo Alto Networks — https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/


4. Saudi Arabia & Gulf | Escalating Ransomware and Intrusion Activity | Multiple Threat Actors
Region/Country: Saudi Arabia / GCC | Attack Type: Ransomware, Intrusion, Vulnerability Probing | Threat Actor: Multiple ransomware affiliates and Iran-aligned actors
Summary: Saudi Arabia has seen the sharpest increase in cyber activity volume in the Gulf this reporting cycle — from 55 cyber-relevant posts to approximately 872 by early April — with a growing focus on intrusion attempts, vulnerability testing, and ransomware-related threats beyond initial DDoS-heavy campaigns. Group-IB’s 2025 High-Tech Crime Trends report documented a 44% increase in underground recruitment by ransomware affiliates specifically targeting GCC countries.[^37][^32]
Source: The National / Chambers & Partners — https://practiceguides.chambers.com/practice-guides/cybersecurity-2026/uae/trends-and-developments


5. India (Global Supply Chain) | Tata Electronics Data Breach | World Leaks Ransomware
Region/Country: India (global supply chain impact including UAE/Gulf Apple/Tesla customers) | Attack Type: Ransomware / Data Extortion | Threat Actor: World Leaks
Summary: The World Leaks ransomware group posted over 204,300 files (630+ GB) from Tata Electronics including Apple manufacturing specifications, Tesla “TRADE SECRET” engineering documents, and data referencing TSMC and Qualcomm — representing a significant supply chain intelligence leak with global implications for device manufacturers and enterprise customers. Apple is investigating, a ransom demand has been made, and Tata has tightened internal access controls and engaged a global forensic consultant.[^48][^17][^14]
Source: Reuters — https://www.reuters.com/business/media-telecom/indias-tata-electronics-hit-by-cyber-breach-claiming-expose-apple-tesla-trade-2026/


6. Global (Pharmaceutical) | Novo Nordisk Data Theft and Extortion | FulcrumSec
Region/Country: Denmark / Global | Attack Type: Data Theft & Extortion | Threat Actor: FulcrumSec
Summary: FulcrumSec, a cyber extortion group that surfaced in October 2025, spent over two months inside Novo Nordisk’s networks, extracting 1.3 TB of data including drug source code, clinical trial records, and internal AI model details, before demanding $25 million — which Novo Nordisk refused. Following the refusal, FulcrumSec began exploring the private sale of stolen drug research data; the company had separately confirmed unauthorized access to pseudonymized clinical trial data in a prior disclosure.[^19][^20][^21]
Source: Reuters — https://www.reuters.com/legal/government/hacking-group-claims-major-hack-novo-nordisk-attempted-25-million-extortion-2026-06-16/


7. United States | DHS HSIN Information Network Breach | Unknown Threat Actor
Region/Country: United States | Attack Type: Intrusion / Intelligence Espionage | Threat Actor: Unknown
Summary: Unknown hackers breached the DHS Homeland Security Information Network (HSIN) between late May and early June, targeting both HSIN servers and an associated SharePoint system used for planning and coordinating major events including the FIFA World Cup currently underway. DHS confirmed the breach on July 1; classified systems were not affected, but Senator Mark Warner warned the exposed information “is highly sensitive, and its exposure risks national security”.[^5][^6][^7][^3]
Source: BleepingComputer — https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/


8. Taiwan / Japan | Nidec Chaun Choung Technology Ransomware Attack | Blackfield
Region/Country: Taiwan (Japanese parent company) | Attack Type: Ransomware | Threat Actor: Blackfield
Summary: Nidec Corporation confirmed its Taiwanese subsidiary Nidec Chaun Choung Technology suffered a ransomware attack on June 22; the Blackfield ransomware group claimed responsibility and demanded $2 million to delete the stolen data, offering a $400,000 option for immediate purchase of the data by third parties. The attack affected the subsidiary’s independent server infrastructure; Nidec stated the broader corporate network was not impacted at time of reporting.[^23][^22]
Source: BleepingComputer — https://www.bleepingcomputer.com/news/security/blackfield-ransomware-asks-nidec-corporation-for-2-million-ransom/


9. Global (Cross-Sector) | FortiBleed Ransomware-Linked Credential Campaign | INC Ransom / Lynx RaaS
Region/Country: Global — 194 countries, including Gulf and Middle East | Attack Type: Credential Harvesting → Ransomware | Threat Actor: INC Ransom / Lynx (FortiBleed operator)
Summary: FortiBleed’s credential dataset — covering 86,000+ FortiGate devices — was formally linked to active ransomware deployment this week, with INC Ransom and Lynx both confirmed as downstream operators of the harvested credentials. At least 12 ransomware deployments have been confirmed, and a Golang-based traffic sniffer installed on thousands of devices is collecting credentials passively for ongoing use.[^1]
Source: CyberInfos — https://www.cyberinfos.in/cybersecurity-weekly-report-june-29-july-5-2026/


10. United Kingdom | 323 Ransomware Attacks Against UK Firms (April 2025–March 2026) | Multiple RaaS Groups
Region/Country: United Kingdom | Attack Type: Ransomware | Threat Actor: Multiple RaaS groups
Summary: UK organizations reported 323 ransomware attacks in the 12 months to March 2026, averaging over 26 incidents monthly with SMBs accounting for more than half of all victims; financial losses rose 50% year-over-year to approximately £270,000 ($357,000) per incident, though actual figures are assessed as higher due to underreporting. The data provides cross-reference context for UAE and Gulf organizations assessing equivalent RaaS attack exposure against similar private-sector and financial service targets.[^49]
Source: Cyber Briefing / YouTube — https://www.youtube.com/watch?v=q0j-r88FF4A