Tech Features

In the Crosshairs of APT Groups: A Feline Eight-Step Kill Chain

By Alexander Badaev, Information security threat researcher, Positive Technologies Expert Security Center and Yana Avezova, Senior Research Analyst, Positive Technologies

In cybersecurity, “vulnerability” typically evokes concern. One actively searches for it and patches it up to build robust defenses against potential attacks. Picture a carefully orchestrated robbery, where a group of skilled criminals thoroughly examines a building’s structure, spots vulnerabilities, and crafts a step-by-step plan to breach security and steal valuables. This analogy perfectly describes the modus operandi of cybercriminals, with the “kill chain” acting as their detailed blueprint.

In a recent study, analysts from Positive Technologies gathered information on 16 hacker groups attacking the Middle East, analyzing their techniques and tactics. It is worth noting that most of the threats in Middle Eastern countries come from groups believed to be linked to Iran—groups such as APT35/Charming Kitten or APT34/Helix Kitten. Let’s see how APT groups operate, how they initiate attacks, and how they develop them toward their intended targets.

Step 1: The Genesis of Intrusion (Attack preparation)

It all begins with meticulous planning and reconnaissance. APT groups leave no stone unturned in their quest for vulnerable targets. They compile lists of public systems with known vulnerabilities and gather employee information. For instance, groups like APT35, aka Charming Kitten, known for targeting mainly Saudi Arabia and Israel, gather information about employees of target organizations, including mobile phone numbers, which they leverage for nefarious purposes like sending malicious links disguised as legitimate messages. After reconnaissance, they prepare tools for attacks, such as registering fake domains and creating email or social media accounts for spear phishing. For example, APT35 registers accounts on LinkedIn and other social networks to contact victims, persuading them through messages and voice calls to open malicious links.

Step 2: The Initial Access: Gaining a Foothold

Once armed with intelligence, cybercriminals proceed to gain initial access to their target’s network. Phishing campaigns, often masquerading as legitimate emails, serve as the primary means of infiltration. An example is the Desert Falcons group, observed spreading their malware through pornographic phishing. Notably, some groups go beyond traditional email phishing, utilizing social networks and messaging platforms to lure unsuspecting victims, as seen with APT35, Bahamut, Dark Caracal, and OilRig. Moreover, techniques like the watering hole method, where attackers compromise trusted websites frequented by their targets, further highlight the sophistication of these operations. Additionally, attackers exploit vulnerabilities in resources accessible on the internet to gain access to internal infrastructure. For example, APT35 and Moses Staff exploited ProxyShell vulnerabilities on Microsoft Exchange servers.

Step 3: Establishing Persistence: The Art of Concealment

Having breached the perimeter, APT groups strive to establish a foothold within the victim’s infrastructure, ensuring prolonged access and control. This involves deploying techniques such as task scheduling, as seen in the campaign against the UAE government by the OilRig group, which created a scheduled task triggering malicious software every five minutes. Additionally, many malicious actors set up malware autostart, like the Bahamut group creating LNK files in the startup folder or Dark Caracal’s Bandook trojan. Some APT groups, such as APT33, Mustang Panda, and Stealth Falcon, establish themselves in victim infrastructures by creating subscriptions to WMI events for event-triggered execution. Furthermore, attackers exploit vulnerabilities in server applications to install malicious components like web shells, which provide a backdoor for remote access and data exfiltration.
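The three persistence mechanisms named above (a scheduled task on a short repeat interval, an LNK file dropped into a Startup folder, and a WMI filter/consumer/binding chain) all leave Windows event-log evidence a defender can query. The following script is an added example written for this article, not code from Positive Technologies or from the research; it runs simple checks over constructed sample events whose field names are simplified stand-ins for Windows Security event 4698 (task created) and Sysmon events 11 (file create) and 19/20/21 (WMI registrations). The 15-minute interval threshold and the "user-writable path" pattern are assumptions a team would tune to its own environment.

```python
import re

# Constructed sample events, shaped loosely after Windows Security event 4698 (scheduled task
# created) and Sysmon events 11 (file create) and 19/20/21 (WMI filter/consumer/binding).
# Field names are simplified for this example and are not the real event schema.
SAMPLE_EVENTS = [
    {"id": 4698, "host": "ws01", "user": "CORP\\jdoe", "task_name": "\\Microsoft\\Windows\\Updater",
     "task_xml": "<Task><Triggers><TimeTrigger><Repetition><Interval>PT5M</Interval></Repetition>"
                 "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\Users\\jdoe\\AppData\\Roaming\\upd.exe"
                 "</Command></Exec></Actions></Task>"},
    {"id": 4698, "host": "ws02", "user": "CORP\\backupsvc", "task_name": "\\Backup\\Nightly",
     "task_xml": "<Task><Triggers><CalendarTrigger><Repetition><Interval>P1D</Interval></Repetition>"
                 "</CalendarTrigger></Triggers><Actions><Exec><Command>C:\\Program Files\\Backup\\run.exe"
                 "</Command></Exec></Actions></Task>"},
    {"id": 11, "host": "ws01", "user": "CORP\\jdoe",
     "target": "C:\\Users\\jdoe\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\report.lnk"},
    {"id": 11, "host": "ws03", "user": "CORP\\asmith", "target": "C:\\Users\\asmith\\Documents\\report.docx"},
    {"id": 19, "host": "srv01", "user": "CORP\\svc_mon", "name": "EvtFilter"},
    {"id": 20, "host": "srv01", "user": "CORP\\svc_mon", "name": "EvtConsumer"},
    {"id": 21, "host": "srv01", "user": "CORP\\svc_mon", "name": "EvtFilter -> EvtConsumer"},
]

ISO_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.I)   # assumption: tune per environment
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)
SHORT_INTERVAL = 15 * 60  # seconds; legitimate software rarely needs to fire more often than this


def iso8601_seconds(interval):
    """Convert a Task Scheduler repetition interval such as PT5M or P1DT2H to seconds."""
    m = ISO_DURATION.match(interval)
    if not m:
        return None
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def check_task(ev):
    """Reasons a newly created scheduled task deserves a look; empty list when it looks ordinary."""
    interval = re.search(r"<Interval>([^<]+)</Interval>", ev["task_xml"])
    command = re.search(r"<Command>([^<]+)</Command>", ev["task_xml"])
    reasons = []
    secs = iso8601_seconds(interval.group(1)) if interval else None
    if secs is not None and secs <= SHORT_INTERVAL:
        reasons.append(f"repeats every {secs}s")
    if command and USER_WRITABLE.search(command.group(1)):
        reasons.append(f"runs {command.group(1)} from a user-writable path")
    return reasons


def analyze(events):
    """Return one finding per suspicious persistence mechanism seen in the events."""
    findings = []
    wmi = {}  # host -> WMI event ids seen, so the binding is reported only with its filter and consumer
    for ev in events:
        if ev["id"] == 4698:
            reasons = check_task(ev)
            if reasons:
                findings.append({"kind": "scheduled_task", "host": ev["host"], "user": ev["user"],
                                 "detail": ev["task_name"] + ": " + "; ".join(reasons)})
        elif ev["id"] == 11 and STARTUP_DIR.search(ev["target"]):
            findings.append({"kind": "startup_lnk", "host": ev["host"], "user": ev["user"],
                             "detail": ev["target"]})
        elif ev["id"] in (19, 20, 21):
            seen = wmi.setdefault(ev["host"], set())
            seen.add(ev["id"])
            if seen == {19, 20, 21}:  # full chain registered on this host
                findings.append({"kind": "wmi_subscription", "host": ev["host"], "user": ev["user"],
                                 "detail": ev["name"]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['kind']}] {f['host']} {f['user']}: {f['detail']}")
```

The WMI check deliberately waits for all three registrations before alerting: a filter or consumer on its own is noise from management agents, while the binding that ties them together is what actually arms the event-triggered execution.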

Step 4: Unraveling the Network: Internal Reconnaissance

After breaking in, APT groups don’t just sit there. They explore the system like a thief casing a house to find valuables and escape routes. This digital reconnaissance involves several steps. First, they perform an inventory check, identifying the computer’s operating system, installed programs, and updates, like figuring out a house’s security measures. For instance, APT35 might use a simple command to see if the computer is a powerful 64-bit system, capable of handling more complex tasks. Second, they map the network layout, akin to identifying valuable items and escape routes. APT groups might use basic tools like “ipconfig” and “arp” (like Mustang Panda) to see how devices are connected and communicate. They also search for user accounts and activity levels, understanding who lives in the house (figuratively) and their routines. Malicious tools, like the Caterpillar web shell used by Volatile Cedar, can list all usernames on the system. Examining running programs is another tactic, like checking for security guards. Built-in commands like “tasklist” (used by APT15 and OilRig) can reveal a list of programs currently running.

Finally, APT groups might deploy programs that hunt for secrets hidden within files and folders, like searching for hidden safes or documents. The MuddyWater group, for example, used malware that specifically checked for directories or files containing keywords related to antivirus software. By gathering this comprehensive intel, APT groups can craft targeted attacks, steal sensitive data like financial records or personal information, or exploit vulnerabilities in the system to cause even more damage.
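A useful way to turn this step into a detection is to look not for any single discovery command, which administrators run all day, but for a burst of several distinct ones from the same account on the same host within a few minutes. The script below is an added example written for this article, not code from Positive Technologies; it applies a sliding window to constructed process-creation events with simplified Sysmon-style fields. The article names ipconfig, arp and tasklist; the rest of the tool list, the five-minute window and the threshold of three distinct tools are assumptions to tune locally.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Built-in commands commonly run during host and network discovery. ipconfig, arp and
# tasklist come from the article; the remaining entries are an assumption for this example.
DISCOVERY_TOOLS = {
    "ipconfig.exe": "network configuration",
    "arp.exe": "ARP cache / neighbours",
    "tasklist.exe": "running processes",
    "systeminfo.exe": "OS and patch inventory",
    "whoami.exe": "current account",
    "net.exe": "accounts, groups, shares",
    "net1.exe": "accounts, groups, shares",
    "nltest.exe": "domain trusts",
}

# Constructed process-creation events (Sysmon event 1 style, simplified fields). Not real telemetry.
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:12:03", "host": "ws01", "user": "CORP\\jdoe", "parent": SYS32 + "cmd.exe",
     "image": SYS32 + "whoami.exe", "command": "whoami /all"},
    {"ts": "2024-05-01T09:12:07", "host": "ws01", "user": "CORP\\jdoe", "parent": SYS32 + "cmd.exe",
     "image": SYS32 + "ipconfig.exe", "command": "ipconfig /all"},
    {"ts": "2024-05-01T09:12:15", "host": "ws01", "user": "CORP\\jdoe", "parent": SYS32 + "cmd.exe",
     "image": SYS32 + "arp.exe", "command": "arp -a"},
    {"ts": "2024-05-01T09:12:31", "host": "ws01", "user": "CORP\\jdoe", "parent": SYS32 + "cmd.exe",
     "image": SYS32 + "tasklist.exe", "command": "tasklist /v"},
    {"ts": "2024-05-01T09:13:02", "host": "ws01", "user": "CORP\\jdoe", "parent": SYS32 + "cmd.exe",
     "image": SYS32 + "net.exe", "command": "net user"},
    # A helpdesk engineer running one command on another host: a single tool, not a burst.
    {"ts": "2024-05-01T09:20:00", "host": "ws07", "user": "CORP\\helpdesk", "parent": "C:\\Windows\\explorer.exe",
     "image": SYS32 + "ipconfig.exe", "command": "ipconfig /renew"},
    # Unrelated process start, ignored by the detector.
    {"ts": "2024-05-01T09:21:00", "host": "ws01", "user": "CORP\\jdoe", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "command": "WINWORD.EXE"},
]


def detect_discovery_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Flag (host, user) pairs that ran at least `threshold` distinct discovery tools within `window`.

    Returns one finding per actor describing the first qualifying window, with the exact
    command lines so an analyst can judge intent without re-querying the SIEM."""
    by_actor = defaultdict(list)
    for ev in events:
        tool = DISCOVERY_TOOLS.get(ev["image"].rsplit("\\", 1)[-1].lower())
        if tool:
            by_actor[(ev["host"], ev["user"])].append(
                (datetime.fromisoformat(ev["ts"]), tool, ev["command"]))

    findings = []
    for (host, user), seq in by_actor.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            # Shrink the window from the left until it spans at most `window`.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            tools = {t for _, t, _ in seq[start:end + 1]}
            if len(tools) >= threshold:
                findings.append({
                    "host": host, "user": user,
                    "first": seq[start][0].isoformat(), "last": seq[end][0].isoformat(),
                    "tools": sorted(tools),
                    "commands": [c for _, _, c in seq[start:end + 1]],
                })
                break  # one alert per actor; the window already carries the evidence
    return findings


if __name__ == "__main__":
    for f in detect_discovery_bursts(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']} {f['first']}..{f['last']}: {', '.join(f['commands'])}")
```

Keying on the (host, user) pair rather than on the host alone keeps a shared jump box from drowning the rule in false positives, and stopping after the first qualifying window gives one ticket per actor instead of one per command.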

Step 5: Harvesting Credentials: Unlocking the Vault

Access to privileged credentials is the holy grail for cyber attackers, granting them unrestricted access to critical systems and data. One common tactic is “credential dumping,” where tools like Mimikatz (used by APT15, APT33, and others) snatch passwords directly from a system’s memory, similar to stealing a key left under a doormat. Keyloggers, used by APT35 and Bahamut among others, act like a hidden camera, silently recording keystrokes to capture usernames and passwords as victims type them in.

These stolen credentials grant access to even more sensitive areas. APT groups also exploit weaknesses in how passwords are stored. For instance, some target the Windows Credential Manager (like stealing a notepad with written down passwords). Brute-force attacks, trying millions of combinations, can crack weak passwords. Even encrypted passwords can be vulnerable if attackers have specialized tools. By employing these tactics, APT groups bypass initial security and access sensitive information or critical systems.

Step 6: Data Extraction: The Quest for Valuable Assets

Once inside, APT groups aren’t shy about snooping around. They leverage stolen credentials to capture screenshots, record audio and video (like hidden cameras and microphones), or directly steal sensitive files and databases. For instance, the Dark Caracal group employed Bandook malware, which can capture video from webcams and audio from microphones. This stolen data becomes their loot.

To ensure a smooth getaway, APT groups often employ encryption and archiving techniques. Imagine them hiding their stolen treasure chests—the Mustang Panda group, for example, encrypted files with RC4 and compressed them with password protection before shipping them out. This makes it difficult for defenders to identify suspicious activity amongst regular network traffic.

Step 7: Communication Channels: Establishing Control

APT groups rely on hidden communication channels with command-and-control (C2) servers to control infected machines and exfiltrate data. They employ various tactics to blend in with regular network traffic. This includes using common protocols (like IRC or DNS requests disguised as legitimate web traffic) and encrypting communication for further stealth.

However, some groups take it a step further. For instance, OilRig used compromised email servers to send control messages hidden within emails and then deleted them, making their C2 channel nearly invisible. These innovative techniques make it difficult for security measures to detect malicious activity, highlighting the importance of staying informed about evolving APT tactics.
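When C2 traffic is tunnelled through DNS, as the text describes, the tell is usually in the query names themselves: a legitimate zone has a handful of short, human-readable hostnames, while a channel that encodes data into subdomains produces a stream of long, high-entropy labels that never repeat. The script below is an added example written for this article, not code from Positive Technologies; it scores a constructed DNS query log by registered domain. The thresholds (five unique subdomains, mean label length of 16, mean Shannon entropy of 3.0 bits) and the two-label approximation of a registered domain are assumptions; a production deployment would use a public suffix list and baseline the thresholds against its own traffic.

```python
import hashlib
import math
from collections import defaultdict


def build_sample_log():
    """Constructed DNS query log lines: timestamp, client, qname, qtype. Not real traffic.

    The queries under cdn-sync.example carry a hash-like label per request, the shape a
    tunnelling channel produces when it packs data into subdomains."""
    lines = [
        "2024-05-01T10:00:01 10.0.0.5 www.microsoft.com A",
        "2024-05-01T10:00:02 10.0.0.5 login.microsoftonline.com A",
        "2024-05-01T10:00:03 10.0.0.8 outlook.office365.com A",
        "2024-05-01T10:00:04 10.0.0.8 www.microsoft.com A",
    ]
    for i in range(8):
        label = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:32]
        lines.append(f"2024-05-01T10:01:{i:02d} 10.0.0.5 {label}.cdn-sync.example TXT")
    return lines


def shannon_entropy(s):
    """Bits of entropy per character; 0 for a single repeated character, 4 for uniform hex."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Split a query name into (registered domain, leading labels).

    Assumption for this example: the last two labels are the registered domain."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def score_dns_log(lines, min_unique=5, min_label_len=16, min_entropy=3.0):
    """Group queries by registered domain and flag domains whose leading labels look like encoded data."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "qtypes": set(), "clients": set()})
    for line in lines:
        _ts, client, qname, qtype = line.split()
        domain, sub = registered_domain(qname)
        stats = per_domain[domain]
        if sub:
            stats["subdomains"].add(sub[0])  # the leftmost label is where payload data lands
        stats["qtypes"].add(qtype)
        stats["clients"].add(client)

    findings = []
    for domain, stats in per_domain.items():
        subs = stats["subdomains"]
        if len(subs) < min_unique:
            continue
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if mean_len >= min_label_len and mean_ent >= min_entropy:
            findings.append({"domain": domain, "unique_subdomains": len(subs),
                             "mean_label_len": round(mean_len, 1), "mean_entropy": round(mean_ent, 2),
                             "qtypes": sorted(stats["qtypes"]), "clients": sorted(stats["clients"])})
    return findings


if __name__ == "__main__":
    for f in score_dns_log(build_sample_log()):
        print(f"{f['domain']}: {f['unique_subdomains']} unique labels, "
              f"len {f['mean_label_len']}, entropy {f['mean_entropy']} bits, types {f['qtypes']}")
```

Reporting the record types alongside the score matters: a burst of TXT or NULL queries to a domain nobody browses to is a much stronger signal than the same volume of A lookups, and the client list tells the responder which host to pull first.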

Step 8: Covering Tracks: Erasing Digital Footprints

As the operation ends, APT groups meticulously cover their tracks to evade detection and prolong their presence in the compromised environment. Techniques like file obfuscation, masquerading, and indicator removal are employed to erase digital footprints and thwart forensic investigations. For example, the Bahamut group used icons mimicking Microsoft Office files to disguise malware, and the OilRig group used .doc file extensions to make malware appear as office documents. The Moses Staff group named their StrifeWater malware calc.exe to make it look like a legitimate calculator program.

To further bypass defenses, attackers often proxy the execution of malicious commands using files signed with trusted digital certificates. The APT35 group used the rundll32.exe file to execute the MiniDump function from the comsvcs.dll system library when dumping the LSASS process memory. Meanwhile, the Dark Caracal group employed a Microsoft Compiled HTML Help file to download and execute malicious files. Many APT groups also remove signs of their activity by clearing event logs and network connection histories, and changing timestamps. For instance, APT35 deleted mailbox export requests from compromised Microsoft Exchange servers. This meticulous cleaning makes it much more difficult for cybersecurity professionals to conduct post-incident investigations, as attackers often remove their arsenal of software from compromised devices after achieving their goals.
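Each evasion named in this step has a concrete signature in process-creation telemetry: rundll32.exe invoking comsvcs.dll’s MiniDump export, a binary carrying a system-tool name such as calc.exe but running from a user directory, an executable whose path ends in a document extension, a child process spawned by the Compiled HTML Help viewer (hh.exe), and a Security log clear (event 1102). The script below is an added example written for this article, not code from Positive Technologies; it triages constructed events with simplified Sysmon/Security-style fields. The system-binary list and the document-extension list are assumptions for the example.

```python
import re

# Names of Windows binaries whose genuine copies live in the system directories. A process with
# one of these names running from anywhere else is a masquerading candidate (list is an assumption).
SYSTEM_BINARIES = {"calc.exe", "svchost.exe", "rundll32.exe", "lsass.exe", "csrss.exe", "notepad.exe"}
SYSTEM_DIRS = re.compile(r"^C:\\Windows\\(?:System32|SysWOW64)\\", re.I)
DOC_EXTENSIONS = (".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt")
# comsvcs.dll exports MiniDump both by name and by ordinal 24; match either spelling.
COMSVCS_MINIDUMP = re.compile(r"comsvcs(?:\.dll)?\s*,?\s*(?:#24|minidump)", re.I)

# Constructed process-creation (Sysmon 1 style) and log-clear (Security 1102 style) events. Not real telemetry.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws01", "user": "CORP\\jdoe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "command": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 612 C:\\Users\\Public\\out.dmp full"},
    {"id": 1, "host": "ws01", "user": "CORP\\jdoe", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\calc.exe", "command": "calc.exe"},
    {"id": 1, "host": "ws02", "user": "CORP\\asmith", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\calc.exe", "command": "calc.exe"},  # the real calculator
    {"id": 1, "host": "ws03", "user": "CORP\\kbrown", "parent": "C:\\Windows\\hh.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "command": "cmd.exe /c start report.exe"},
    {"id": 1, "host": "ws03", "user": "CORP\\kbrown", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Users\\kbrown\\Downloads\\invoice.doc", "command": "invoice.doc"},
    {"id": 1102, "host": "ws01", "user": "CORP\\jdoe", "channel": "Security"},
]


def classify(ev):
    """Return (technique, reason) pairs for one event; an empty list means nothing stood out."""
    hits = []
    if ev["id"] == 1102:
        hits.append(("indicator_removal", f"{ev.get('channel', '?')} event log cleared by {ev['user']}"))
        return hits

    image, cmd = ev["image"], ev["command"]
    name = image.rsplit("\\", 1)[-1].lower()
    parent_name = ev["parent"].rsplit("\\", 1)[-1].lower()

    # A signed system binary proxying a process memory dump through comsvcs.dll.
    if name == "rundll32.exe" and COMSVCS_MINIDUMP.search(cmd):
        hits.append(("lsass_dump_via_comsvcs", cmd))
    # A system-tool name running from outside the system directories.
    if name in SYSTEM_BINARIES and not SYSTEM_DIRS.match(image):
        hits.append(("masquerading_path", image))
    # An executable image disguised with a document extension.
    if name.endswith(DOC_EXTENSIONS):
        hits.append(("masquerading_extension", image))
    # The Compiled HTML Help viewer launching a child process.
    if parent_name == "hh.exe":
        hits.append(("chm_proxy_execution", f"{ev['parent']} -> {image}"))
    return hits


def triage(events):
    """Flatten per-event hits into a list of findings ready for an alert queue."""
    findings = []
    for ev in events:
        for technique, reason in classify(ev):
            findings.append({"host": ev["host"], "user": ev["user"], "technique": technique, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['host']} {f['user']}: {f['reason']}")
```

The path check compares the full image path, not just the file name, which is exactly the distinction the StrifeWater-as-calc.exe trick relies on defenders skipping; the same event from the genuine System32 calculator produces no finding.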

Conclusion: A Call to Vigilance

In a nutshell, the threat landscape in the Middle East is fraught with peril, as APT groups continue to refine their tactics and techniques to evade detection and wreak havoc on unsuspecting organizations. By understanding the anatomy of cyber intrusions and remaining vigilant against emerging threats, organizations can bolster their defenses and mitigate the risks posed by these sophisticated adversaries. Together, let us remain steadfast in our commitment to safeguarding the digital frontier against cyber threats.

Tech Features

Leading Enterprise Systems Through Smart Integration


Exclusive Interview with Bibin Varghese & Jins Alex, Managing Partners, Hedges Information Technology LLC

Enterprise systems integration is more than just linking hardware; it’s about forging trust-based partnerships, delivering tailored solutions, and providing ongoing support. In this exclusive interview, Bibin Varghese and Jins Alex, Managing Partners at Hedges Information Technology LLC, share how they steer complex integrations in the UAE market.

What Sets You Apart in Enterprise Systems Integration?

Bibin Varghese:

At Hedges, we’ve always believed that technology alone doesn’t drive value—relationships do. What sets us apart is our commitment to building long-term partnerships based on trust, agility, and results. We don’t operate as just another vendor; we become embedded in our clients’ growth journeys. Every solution is tailored to the client’s unique environment, backed by deep technical expertise, and approached with complete ownership. That’s why clients across sectors rely on us not only for today’s needs but as future-ready advisors.

Technology Partners Fueling Enterprise Systems Integration

Jins Alex:

Over the years, we’ve curated partnerships with leaders like Bitdefender for next-gen cybersecurity, Synology for scalable backup and storage, and Dell and HP for robust infrastructure. Post-implementation, our managed services include proactive system monitoring and both remote and on-site support—because for us, support isn’t an afterthought, it’s a strategic commitment.

UAE Trends in Enterprise Systems Integration

Bibin Varghese:

Enterprises here are embracing hybrid digital ecosystems—mixing cloud and on-premises infrastructure for agility and compliance. To stay ahead, we integrate Dell and HP enterprise servers, Synology storage solutions, and Bitdefender security into a unified stack that underpins our clients’ digital transformation initiatives.

Cybersecurity Integration: Securing Your Enterprise Systems

Jins Alex:

Cybersecurity is a business-critical function. We deploy Bitdefender’s AI-powered threat detection, Synology’s structured backup, and secure Dell/HP hardware to build multilayered defenses. In the UAE, the shift is from reactive to predictive security—automated threat response, integrated monitoring, and real-time threat intelligence are the next frontier.

Cloud Integration Strategies for Enterprise Systems

Bibin Varghese:

Cloud is now core to digital strategy. We guide clients through readiness assessments, strategy, migration, and long-term governance across public, private, and hybrid environments. Our cloud offerings leverage our OEM partnerships and a dedicated services team to ensure cost control, scalability, and security.

Sales Literacy in Enterprise Systems Integration

Jins Alex:

While not every sales rep must be deeply technical, a solid grasp of AI, cybersecurity, infrastructure, and cloud is essential. Our sales professionals translate technical value into business impact, enabling them to have meaningful conversations with CIOs and CTOs and ensure smooth, aligned implementations.

AI-Driven Enterprise Systems Integration

Bibin Varghese:

We treat AI not just as a tool but as a differentiator. From Bitdefender’s AI threat detection to Dell’s intelligent servers, we help clients map out use cases, manage change, and make AI actionable, turning abstract concepts into real business value.

Startup Collaborations in Enterprise Systems Integration

Jins Alex:

We work with startups in health tech, logistics, e-commerce, and fintech, providing secure, scalable IT foundations from day one. The most exciting verticals in the UAE are AI-driven applications, sustainable technologies, and digital finance—areas where robust integration can make all the difference.

Artificial Intelligence and the Future of Education


By Stewart Monk, Senior Vice President and General Manager, International at PowerSchool

AI in education is revolutionizing how we learn, teach, and manage classrooms. By embedding adaptive platforms, personalized feedback systems, and data-driven insights into every lesson, schools can empower students, streamline administration, and uphold ethical best practices from day one.

AI in Education: Real-World Implementation

Empowering students to become AI creators rather than passive consumers is essential. The UAE’s initiative to integrate AI into the national curriculum equips learners with skills in data analysis, algorithmic thinking, and software development, preparing them for a future where AI drives industry innovation. Early exposure fosters digital literacy, ethical reasoning, and hands-on project design that bridge theory and practice.

Schools are already transforming through tools like adaptive learning platforms, personalized feedback systems, and advanced data analytics. These innovations streamline administrative tasks, tailor instruction to individual needs, and free educators to focus on student engagement and mentorship.

Ethical AI in Education

With a majority of educators advocating early AI education, ethical considerations must be front and center. Protecting student data through secure, in-house AI deployments and enforcing strict access controls are best practices. Addressing bias requires vendors to share training data for third-party audits and continuous system monitoring to ensure fairness and inclusivity.

AI in Education as Your Study Buddy

AI isn’t just a buzzword—it’s becoming an integral part of the educational experience. In a recent UAE-based study, 86% of students said they use AI tools for academic tasks, and over half rely on them weekly for things like summarization, brainstorming, and coding assistance. Tools like the “All Day TA” from the University of Toronto—now adopted by nearly 100 universities globally—answer thousands of student queries per semester, showing us what’s possible when tech meets educator.

Ensuring AI Assists, Not Replaces

AI’s integration into grading, lesson planning, and operations lets teachers devote more time to creativity, critical thinking, and relationship-building. Educators also need robust AI literacy training to understand limitations, ethical use, and the necessity of human oversight.

The Future of Artificial Intelligence in Education

AI promises a dynamic, efficient, and responsive education system—personalizing learning, supporting teachers, and addressing equity. Thoughtful implementation, grounded in ethical principles and continuous oversight, will ensure every student stays on a path toward academic growth and long-term success.

Role of EdTech in MENA region: How Online Education is Enhancing Future Readiness of Workforce

By Vikraman Poduval, CEO of Saal.ai

The EdTech industry in the Middle East and North Africa (MENA) region is undergoing rapid expansion. The regional online education market is projected to reach a value of USD 1.31 billion by 2029, with a compound annual growth rate (CAGR) of 19.81% between 2025 and 2029.

EdTech plays an important role in modernising the regional education landscape, as it can enhance learning experiences. Moreover, as the ongoing digital revolution raises concerns about employability and skill gaps, advanced digital learning solutions promise to drive innovation in learning, promote continuous professional development, and help foster a digitally literate workforce, aligning with the demands of a knowledge-based economy.

For instance, Saal’s AI-based learning platform synergises the capabilities of AI and big data to create detailed skill maps for individuals, align them with target roles or desired career paths, and streamline their journey to professional success. Furthermore, online educational platforms help optimise the search for the right talents, by maintaining a comprehensive skill and occupation-based database, a competency mapping engine, leadership development modules, and robust mechanisms for aggregating data from diverse systems.

UAE’s role as a key driver of the regional EdTech revolution

The UAE stands out as a trailblazer and a true pioneer, catalysing the ongoing growth of the regional online education industry, through its groundbreaking initiatives such as the recent decision to make AI a formal subject in the national curriculum. This makes the UAE one of the first nations to integrate AI as an integral facet of its foundational education framework.

This strategic decision is poised to help develop a robust local talent pipeline, by developing AI literacy at an early age and building a self-sustaining ecosystem consisting of future developers, and engineers. It will also help equip learners with critical thinking and technical skills, which are necessary to succeed in a tech-centric world. This exemplary strategic endeavour also provides a practical model which the rest of the world can aspire to emulate, highlighting the nation’s enduring commitment to innovation and positioning education as the cornerstone of broader economic transformation.

In such a scenario, there is a need for smart, scalable platforms that promote competency-based education using AI algorithms that can tailor content, assessments, and learning paths in real time based on student needs. Such advanced systems also feature unique capabilities like AI-powered learning companions, intelligent feedback and progress monitoring, real-time risk detection, and predictive analytics to guide timely intervention.

Furthermore, these tools enable learners to consistently enhance market-specific skills, while gaining powerful insights via behavioural tracking, cohort analysis, and content effectiveness metrics. Institutions can leverage these tools to ensure improved student outcomes, optimised teaching strategies, and better alignment with industry demands. Advanced AI learning platforms also automate routine academic tasks and integrate multilingual AI chatbots that answer student queries and flag knowledge gaps, enhancing institutional efficiency and elevating the learner’s experience.

AI-powered learning: Key to nurturing a future-ready workforce

In the MENA region, there is a growing disconnect between education and job market needs, driven by rapid digitalisation and economic diversification efforts. To ensure that the regional educational sector can keep pace with evolving market demands, it is vital to prioritise competency-based, personalised learning. For instance, ‘AcademyX’, Saal.ai’s flagship AI-powered competency development platform designed for educational institutions, government bodies, and enterprises, can create personalised learning journeys based on user profiles, performance trends, and evolving industry requirements. Such platforms also support national efforts to enhance employability, promote lifelong learning, and foster a digitally fluent, innovation-driven workforce. The platform also enables educational institutions to identify learning gaps as early as the first semester, empowering educators to initiate timely interventions and ensure improved academic outcomes, engagement, and retention.

Such a holistic approach is critical to making sure that educational goals and outcomes are aligned with broader market requirements so that students gain practical skills which can enhance their employability and future readiness. Saal.ai’s ‘DigiXT’ platform plays a vital role in this regard as it empowers both learners and educators to work with real-world datasets, while familiarising them with industry-grade tools, AI research capabilities, and cloud-based analytics environments.

Though EdTech holds the potential to transform the MENA region’s educational landscape, it is essential to address key challenges like access, affordability, and quality. Furthermore, it is vital to understand the role of AI in promoting personalised feedback and interactive methods. By embracing AI-powered online education as a tool that complements traditional education, the regional education industry can catalyse its growth, while achieving improved learning outcomes and greater educational equity.

Copyright © 2023 | The Integrator