Connect with us

Tech Features

In the Crosshairs of APT Groups: A Feline Eight-Step Kill Chain

Published

on

hacking

By Alexander Badaev, Information security threat researcher, Positive Technologies Expert Security Center and Yana Avezova, Senior Research Analyst, Positive Technologies

In cybersecurity, “vulnerability” typically evokes concern. One actively searches for it and patches it up to build robust defenses against potential attacks. Picture a carefully orchestrated robbery, where a group of skilled criminals thoroughly examines a building’s structure, spots vulnerabilities, and crafts a step-by-step plan to breach security and steal valuables. This analogy perfectly describes the modus operandi of cybercriminals, with the “kill chain” acting as their detailed blueprint.

In a recent study, analysts from Positive Technologies gathered information on 16 hacker groups attacking the Middle East analyzing their techniques and tactics. It is worth noting that most of the threats in Middle Eastern countries come from groups believed to be linked to Iran—groups such as APT35/Charming Kitten or APT34/Helix Kitten. Let’s see how APT groups operate, how they initiate attacks, and how they develop them toward their intended targets.

Step 1: The Genesis of Intrusion (Attack preparation)

It all begins with meticulous planning and reconnaissance. APT groups leave no stone unturned in their quest for vulnerable targets. They compile lists of public systems with known vulnerabilities and gather employee information. For instance, groups like APT35 aka Charming Kitten known for targeting mainly Saudi Arabia and Israel, gather information about employees of target organizations, including mobile phone numbers, which they leverage for nefarious purposes like sending malicious links disguised as legitimate messages. After reconnaissance, they prepare tools for attacks, such as registering fake domains and creating email or social media accounts for spear phishing. For example, APT35 registers accounts on LinkedIn and other social networks to contact victims, persuading them through messages and voice calls to open malicious links.

Step 2: The Initial Access: Gaining a Foothold

Once armed with intelligence, cybercriminals proceed to gain initial access to their target’s network.  Phishing campaigns, often masquerading as legitimate emails, serve as the primary means of infiltration. An example is the Desert Falcons group, observed spreading their malware through pornographic phishing. Notably, some groups go beyond traditional email phishing, utilizing social networks and messaging platforms to lure unsuspecting victims, as seen with APT35, Bahamut, Dark Caracal, and OilRig. Moreover, techniques like the watering hole method, where attackers compromise trusted websites frequented by their targets, further highlight the sophistication of these operations. Additionally, attackers exploit vulnerabilities in resources accessible on the internet to gain access to internal infrastructure. For example, APT35 and Moses Staff exploited ProxyShell vulnerabilities on Microsoft Exchange servers.

Step 3: Establishing Persistence: The Art of Concealment

Having breached the perimeter, APT groups strive to establish a foothold within the victim’s infrastructure, ensuring prolonged access and control. This involves deploying techniques such as task scheduling, as seen in the campaign against the UAE government by the OilRig group, which created a scheduled task triggering malicious software every five minutes. Additionally, many malicious actors set up malware autostart, like the Bahamut group creating LNK files in the startup folder or Dark Caracal’s Bandook trojan. Some APT groups, such as APT33, Mustang Panda, and Stealth Falcon, establish themselves in victim infrastructures by creating subscriptions to WMI events for event-triggered execution. Furthermore, attackers exploit vulnerabilities in server applications to install malicious components like web shells, which provide a backdoor for remote access and data exfiltration.

Step 4: Unraveling the Network: Internal Reconnaissance

After breaking in, APT groups don’t just sit there. They explore the system like a thief casing a house to find valuables and escape routes. This digital reconnaissance involves several steps. First, they perform an inventory check, identifying the computer’s operating system, installed programs, and updates, like figuring out a house’s security measures. For instance, APT35 might use a simple command to see if the computer is a powerful 64-bit system, capable of handling more complex tasks. Second, they map the network layout, akin to identifying valuable items and escape routes. APT groups might use basic tools like “ipconfig” and “arp” (like Mustang Panda) to see how devices are connected and communicate. They also search for user accounts and activity levels, understanding who lives in the house (figuratively) and their routines. Malicious tools, like the Caterpillar web shell used by Volatile Cedar, can list all usernames on the system. Examining running programs is another tactic, like checking for security guards. Built-in commands like “tasklist” (used by APT15 and OilRig) can reveal a list of programs currently running.

Finally, APT groups might deploy programs that hunt for secrets hidden within files and folders, like searching for hidden safes or documents. The MuddyWater group, for example, used malware that specifically checked for directories or files containing keywords related to antivirus software. By gathering this comprehensive intel, APT groups can craft targeted attacks, steal sensitive data like financial records or personal information, or exploit vulnerabilities in the system to cause even more damage.
Step 5: Harvesting Credentials: Unlocking the Vault

Access to privileged credentials is the holy grail for cyber attackers, granting them unrestricted access to critical systems and data. One common tactic is “credential dumping,” where tools like Mimikatz (used by APT15, APT33, and others) snatch passwords directly from a system’s memory, similar to stealing a key left under a doormat. Keyloggers, used by APT35 and Bahamut for example, acts like a hidden camera, silently recording keystrokes to capture usernames and passwords as victims type them in.

These stolen credentials grant access to even more sensitive areas. APT groups also exploit weaknesses in how passwords are stored. For instance, some target the Windows Credential Manager (like stealing a notepad with written down passwords). Brute-force attacks, trying millions of combinations, can crack weak passwords. Even encrypted passwords can be vulnerable if attackers have specialized tools. By employing these tactics, APT groups bypass initial security and access sensitive information or critical systems.

Step 6: Data Extraction: The Quest for Valuable Assets

Once inside, APT groups aren’t shy about snooping around. They leverage stolen credentials to capture screenshots, record audio and video (like hidden cameras and microphones), or directly steal sensitive files and databases. For instance, the Dark Caracal group employed Bandook malware, which can capture video from webcams and audio from microphones. This stolen data becomes their loot.

To ensure a smooth getaway, APT groups often employ encryption and archiving techniques. Imagine them hiding their stolen treasure chests—the Mustang Panda group, for example, encrypted files with RC4 and compressed them with password protection before shipping them out. This makes it difficult for defenders to identify suspicious activity amongst regular network traffic.

Step 7: Communication Channels: Establishing Control

APT groups rely on hidden communication channels with command-and-control (C2) servers to control infected machines and exfiltrate data. They employ various tactics to blend in with regular network traffic. This includes using common protocols (like IRC or DNS requests disguised as legitimate web traffic) and encrypting communication for further stealth.

However, some groups take it a step further. For instance, OilRig used compromised email servers to send control messages hidden within emails and then deleted them, making their C2 channel nearly invisible. These innovative techniques make it difficult for security measures to detect malicious activity, highlighting the importance of staying informed about evolving APT tactics.

Step 8: Covering Tracks: Erasing Digital Footprints

As the operation ends, APT groups meticulously cover their tracks to evade detection and prolong their presence in the compromised environment. Techniques like file obfuscation, masquerading, and indicator removal are employed to erase digital footprints and thwart forensic investigations. For example, the Bahamut group used icons mimicking Microsoft Office files to disguise malware, and the OilRig group used .doc file extensions to make malware appear as office documents. The Moses Staff group named their StrifeWater malware calc.exe to make it look like a legitimate calculator program.

To further bypass defenses, attackers often proxy the execution of malicious commands using files signed with trusted digital certificates. The APT35 group used the rundll32.exe file to execute the MiniDump function from the comsvcs.dll system library when dumping the LSASS process memory. Meanwhile, the Dark Caracal group employed a Microsoft Compiled HTML Help file to download and execute malicious files. Many APT groups also remove signs of their activity by clearing event logs and network connection histories, and changing timestamps. For instance, APT35 deleted mailbox export requests from compromised Microsoft Exchange servers. This meticulous cleaning makes it much more difficult for cybersecurity professionals to conduct post-incident investigations, as attackers often remove their arsenal of software from compromised devices after achieving their goals.

Conclusion: A Call to Vigilance

In a nutshell, the threat landscape in the Middle East is fraught with peril, as APT groups continue to refine their tactics and techniques to evade detection and wreak havoc on unsuspecting organizations. By understanding the anatomy of cyber intrusions and remaining vigilant against emerging threats, organizations can bolster their defenses and mitigate the risks posed by these sophisticated adversaries. Together, let us remain steadfast in our commitment to safeguarding the digital frontier against cyber threats.

Research Link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech Features

How the power sector can attract the next generation of STEM talent

Published

on

By Amjad Alqaqaa – Vice President – MEAI

Power sectors around the world are undergoing rapid transformation. Digital technologies, advanced materials, and the shift towards lower-carbon energy are reshaping how power plants and critical infrastructure are designed, operated, and maintained. Yet one persistent challenge continues to hold the sector back: a shortage of people with the right engineering and technical skills.

As the UAE continues to advance its ambitions as a leading hub for innovation and technology, there is an increasing need to strengthen and future-proof STEM capabilities to keep pace with evolving industry demands. According to a report by STEM workforce consultancy SThree, 40% of STEM professionals in the UAE believe that upskilling and reskilling are the most effective ways to boost productivity and competitiveness. While more than a third (32%) point to skills shortages as a barrier to productivity, highlighting a clear gap between workforce capabilities and industry needs.

Additionally, data from the Hays 2026 US Salary & Hiring Trends Guide indicates that companies in the UAE are starting to slow down recruitment and instead are investing in the skills of their existing workforce, with around 42% of employers prioritising upskilling over hiring.

Research from LinkedIn also suggests demand for green skills is rising much faster than supply, highlighting a widening gap between the skills needed for the energy transition and the talent currently available in the workforce.

For power generation companies, this is more than a recruitment issue. Skills shortages can impact equipment reliability, delay maintenance programmes, and slow the deployment of new technologies. In a sector where uptime, safety, and efficiency are critical, having the right expertise in place is essential.

At the same time, interest in STEM subjects among young people has fallen in recent years.  This weakens the future talent pipeline. This means companies must do more to attract and develop STEM talent.

Showing young people what engineering looks like today

One of the challenges is perception. Many young people still associate engineering with traditional industrial roles, rather than the highly advanced, technology-driven careers available today.

Today’s engineers work with advanced digital tools, automation systems, and real-time monitoring technologies. In the power sector, they help keep turbines, pumps, and other critical systems running efficiently. They also work on challenges linked to sustainability, energy efficiency, and emissions reduction.

To address this gap, employers must play a more active role in educating emerging talent about the career opportunities in the sector. That means working more closely with schools, colleges, and universities to showcase the wide range of careers available across engineering and energy.

Partnerships between industry and academia play an important role here. For example, John Crane works closely with the University of Sheffield to support research and PhD programmes in areas such as materials science and engineering. Collaborations like this help connect academic research with real industrial challenges and encourage more students to consider careers in engineering.

These partnerships also help ensure that new research translates into practical solutions that can support industries such as power generation.

Why apprenticeships matter

Alongside academic pathways, apprenticeships are another key way to attract new talent into engineering.

They offer a practical, accessible route into engineering, allowing individuals to gain hands-on experience while working towards recognised qualifications. For employers, apprenticeships provide an opportunity to develop skills aligned to real operational needs, from maintenance and reliability engineering to digital and software capabilities.

But apprenticeships are not only for new recruits. They can also help people who are already in work develop new skills. Programmes linked to areas such as leadership, project management, and digital technologies allow employees to adapt as roles change and technology evolves.

This matters because the skills challenge is not only about bringing new people into the sector. It is also about helping the existing workforce build the capabilities needed for the future.

Building the right skills through training partnerships

Developing a skilled workforce requires more than internal programmes alone. Strong partnerships with external training providers are essential to ensure employees gain the specialist knowledge needed in highly technical environments.

Working with a network of training providers enables organisations to deliver structured learning alongside on-the-job experience. This approach ensures that training remains aligned with real operational challenges, including maintaining equipment reliability, improving efficiency, and meeting evolving safety standards.

Reaching a broader talent pool

Engineering companies need to widen their outreach and look beyond traditional recruitment channels. This includes engaging with students earlier and encouraging people from different backgrounds to consider technical careers.

In addition, requalification programmes are increasingly important in some regions. For example, in the Czech Republic, targeted requalification initiatives are helping individuals transition from other industries into engineering roles, providing a practical route to address skills shortages while bringing valuable experience into the sector.

Ensuring training programmes cater to a wide range of people with varying levels of experience can upskill new and existing workers and build a healthier talent pipeline. Providing that support is an investment that helps create a stronger, more resilient workforce in the long term.

Building the workforce of the future

The power sector plays a central role in driving the global energy transition. In the Middle East, this transition is expected to drive demand for a wide range of engineering roles, particularly in renewable energy, grid infrastructure, and related technologies, highlighting the need for targeted training and workforce development programmes to equip both new entrants and existing workers with relevant technical skills.

Engineers and technicians will be needed to maintain power plants, improve equipment performance, and develop new energy technologies. But these goals will only be possible if the industry has access to the right skills.

To achieve this, companies must think differently about talent. Strengthening collaboration with educators, improving outreach to diverse talent, and offering practical training routes such as apprenticeships all play an important role in addressing the STEM skills gap.

Apprenticeships alone will not solve the skills gap. But when combined with research partnerships and targeted workforce development, they can play a major role in rebuilding the STEM talent pipeline. By investing in people and skills today, the power sector can build the workforce it needs to support a more reliable and sustainable energy system for the future.


Continue Reading

Tech Features

THE AI REVOLUTION AND A FUTURE OF FAIRNESS

Published

on

by Dr Ekaterina Abramova, Adjunct Assistant Professor of Management Science and Operations at London Business School

The AI revolution is not on the horizon; it is already transforming how we work, solve everyday problems, and interact both with one another and with technology. From generative models to agentic systems capable of disrupting entire industries, artificial intelligence has advanced at a pace that few institutions, businesses, or governments are fully prepared for. What once felt like a distant technological possibility has become a structural force shaping labour markets and economies. As a result, one of the most pressing questions facing societies is no longer whether AI will change the world, but whether it will make it fairer. Increasingly the answer depends not only on the technology itself, but on the choices organisations and governments make about how its benefits are shared.

AI has the potential to unlock unprecedented prosperity. Yet history shows that technological revolutions rarely distribute their rewards evenly. Without deliberate intervention, the benefits of AI risk concentrating in the hands of a small number of large technology firms, highly skilled professionals and capital owners. This pattern has already emerged in earlier waves of digital transformation, where wealth and opportunity accumulated disproportionately in regions best positioned to adapt. For AI to foster equality rather than widen disparity, policymakers must treat inclusion as an ex-ante design principle rather than an ex-post correction.

The first crucial step for achieving fairness is improving the data that AI systems rely upon. Algorithms are only as representative as the information used to train them. When datasets exclude marginalised or underrepresented communities, AI risks reinforcing existing biases. Organisations and governments developing AI algorithms should prioritise collecting data from communities historically overlooked in policy design, such as rural populations, low-income groups, minority communities and those outside the formal labour markets. More inclusive datasets lead to fairer systems, more effective public services and policy decisions that better reflect the realities of entire populations, rather than just their most visible segments.

Another equally important aspect is how governments distribute the productivity gains and wealth generated by AI into broader societal benefits. Different regions are experimenting with alternative approaches. In parts of the Middle East, including the United Arab Emirates, economic gains from technological advancement are often channelled through state-led investment strategies rather than relying solely on traditional taxation and redistribution mechanisms. While VAT and other taxes exist, governments often reinvest a significant share of national income derived from natural resources and state-owned enterprises directly into infrastructure, public services, education and economic diversification. This approach builds long-term national capability by funding human capital development, strengthening digital infrastructure and fostering new sectors that create employment and opportunity.

Such strategies highlight an important principle: AI benefits do not need to be redistributed after inequality has emerged. They can be embedded in development strategies from the outset. By investing in education, digital skills and access to technology, governments expand the number of people able to participate in the AI ecosystem rather than merely compensate those left behind. China, for example, has made substantial investments in AI education and research capacity, recognising human capital as central to technological leadership. Every year 100,000 selected teenagers are funnelled into elite science talent streams across top high schools. These “genius classes” systematically train students to excel in international maths, physics, chemistry, biology and computer science competitions.

The pace of the AI revolution makes this challenge more urgent than previous technological transitions. Earlier industrial transformations unfolded over decades, allowing societies time to adapt institutions and labour markets. AI development in recent years has gained pace. Breakthroughs that once took years are now emerging within months, with new capabilities rapidly spreading across sectors from healthcare diagnostics and financial analysis to logistics and defence industries. This acceleration has been further intensified by the present-day AI race to achieve Artificial General Intelligence (AGI), amid a widespread belief that the first government to reach this milestone will gain a decisive strategic advantage. Organisations at the forefront of AI development are reluctant to slow for fear of falling behind geopolitical or commercial rivals. Meanwhile, many governments are hesitant to introduce AI regulation, concerned that premature constraints could hinder innovation and weaken their competitiveness in the pursuit of AI leadership.

However, the path forward requires a global perspective. While governments should encourage innovation, they must also recognise that AI technology will diffuse across borders. Hence governments worldwide should collaborate towards a global AI governing body, or at the very least, agree on minimum safety and fairness standards for AI deployment. The EU AI Act provides an important foundation by identifying unacceptably high-risk AI applications that should be prohibited. When forming such regulatory frameworks, governments should seek guidance from leading AI scientists to ensure they fully understand where the principal risks originate. Indeed, many prominent experts in the field argue that regulation is failing to keep pace with AI innovation.

Allowing AI technology to evolve without placing guardrails in place early risks embedding structural inequalities, particularly in labour markets, education access and capital distribution. Ultimately, the debate about AI and inequality is not primarily about algorithms; it is about governance. Technology reflects the priorities of the societies that deploy it. If policymakers treat AI purely as an engine of leadership and economic growth, its benefits will likely accrue to those already best positioned to capture them. But if AI development is guided by a clear commitment to inclusion through better data, wider access and sustained investment in human capital, it has the potential to expand opportunity on a global scale. As AI reshapes labour markets, workers will need opportunities to develop capabilities that complement intelligent systems rather than compete directly with them. Access to AI infrastructure, computing resources, data and digital connectivity must not be confined to a small group of corporations or wealthy regions.

The direction of the AI revolution is not predetermined. The question is not whether AI will transform our world, but whether governments and institutions will act quickly and thoughtfully enough to ensure that its benefits are broadly shared. In the race to build increasingly powerful systems, equal attention must be given to building the social and economic frameworks that will ensure the future is genuinely fair.

Continue Reading

Tech Features

THE REALITY OF AI DEPLOYMENT ACROSS THE WORKFORCE IN THE REGION

Published

on

By Alfred Manasseh, COO & Co-Founder of Shaffra

Across the GCC, AI is becoming more operational. The conversation has moved beyond whether organisations are testing AI and toward how deeply these systems are being embedded into daily work. McKinsey’s finding that 84% of GCC organisations have adopted AI in at least one business function shows the region’s strong momentum, but the more important shift is where this technology is now creating measurable value.

AI is beginning to operate inside real enterprise workflows, where productivity, cost, speed, service quality, and governance can be measured. This practical shift means AI is being judged less by novelty and more by whether it can reduce manual work, improve response times, and support better execution across organisations.

Where AI is being deployed

AI deployment is gaining traction in structured, high-volume functions where it can remove this coordination burden and give employees more capacity for skilled output. Asana’s research has found that around 60% of time is spent on “work about work,” such as chasing updates, attending unnecessary meetings, and switching between tools.

Customer service teams are using AI for automated query handling, routing, escalation management, and multilingual support. Operations teams are applying AI to order processing, workflow coordination, and SLA monitoring.

In HR, AI is supporting CV screening, interview scheduling, and onboarding orchestration. In finance, it is being used for invoice processing, reconciliation, and anomaly detection. Sales teams are also applying AI to lead qualification, follow-ups, CRM hygiene, and pipeline updates.

Regional governments are also preparing the workforce for this reality. Digital Dubai recently launched the AI Workforce Transformation Program, known as AI+, to help train 50,000 government employees for an AI-ready workforce.

Three phases of AI workforce evolution

AI use across the workforce can be understood in three phases. First, AI acts as an assistant through copilots, chat interfaces, summarisation, drafting, search, and advisory tools that improve individual productivity. Second, AI becomes an operator, completing defined tasks across CRM, HR, finance, customer service, and operations systems within controlled boundaries. Third, AI develops into a workforce layer, where systems are assigned roles, KPIs, access rights, escalation pathways, and governance controls. At this stage, Autonomous AI Teams operate as governed digital employees, helping structure, assign, monitor, and improve work.

How mature AI deployments operate

AI is not replacing entire jobs. It is restructuring work by taking over repetitive tasks within roles. Human teams are shifting toward oversight, exception handling, decision-making, escalation management, and quality control.

Autonomous AI Teams operate as coordinated systems rather than standalone models. They support humans through role-based actions with defined responsibilities, structured access to enterprise systems, clear decision boundaries, controlled autonomy levels, human escalation pathways, performance metrics, auditability, and governance.

From tools to workforce infrastructure

Before scaling autonomous AI systems, executives need clear visibility into decision-making, accountability, risk controls, and human intervention points. Trust grows when productivity gains are measurable and governance is visible. IBM research shows that 77% of UAE senior leaders have already seen significant productivity gains from AI, which reflects growing confidence in its operational value.

Across Shaffra deployments, Autonomous AI Teams have contributed to more than 2 million manual work hours saved monthly across operational workflows. Organisations have reported up to 80% reductions in operational costs, customer service teams can manage up to five times more queries, and HR recruitment cycles that previously took weeks can be reduced to hours.

The future workforce layer

The GCC has a strong appetite for AI adoption, but many organisations still need to redesign workflows and overcome fragmented legacy systems before AI teams can function as part of daily operations. Research showing that 94% of UAE data leaders lack complete visibility into AI decision-making processes reinforces why explainability, governance, and workflow design must develop alongside deployment.

The next phase of AI is about building a governed workforce layer where humans and Autonomous AI Teams execute together with clarity, accountability, and valuable impact.

Continue Reading

Trending

Copyright © 2023 | The Integrator