Cybercrime Surge in META: Group-IB Exposes New Threats, Urges Strategic Defense

In its latest intelligence report for May 2025, cybersecurity firm Group-IB highlights an alarming rise in sophisticated cyber threats across the Middle East, Türkiye, and Africa (META), alongside emerging global trends that redefine the threat landscape. From deceptive phishing campaigns to state-backed malware operations, the report underscores the urgent need for coordinated, proactive defense strategies.
Global Alarms: Fraud, Ransomware, and Identity Theft
One of the most striking revelations concerns a fraud scheme in Colombia dubbed the “Insurance Trap.” Cybercriminals cloned over 100 car insurance websites and weaponized legitimate open data—such as license plate verification—to funnel victims toward fake payment portals, stealing banking credentials through phishing-laced QR codes. Group-IB warns that this model could be replicated in regions with similarly open vehicle databases.
Meanwhile, the infamous ransomware gang RansomHub, believed to be an offshoot of Knight/Cyclops, staged a brief but impactful appearance. The group offered a generous 90/10 profit split and a cross-platform locker tool that drew in affiliates from defunct ransomware groups, such as LockBit and ALPHV, only to suddenly disappear in April. Telemetry suggests many of its members have now migrated to the rival gang Qilin.
In response to such threats, Google Cloud’s Mandiant division recommends five hardened defenses against the SIM-swap-savvy group UNC3944 (“Scattered Spider”): robust identity checks at help desks, phishing-resistant multi-factor authentication (MFA), device health enforcement, strict network segmentation, and hunting for social engineering traces in logs.
Regional Focus: Rise of a Nation-State APT in Iraq
Closer to home, Group-IB’s threat hunting teams have identified a troubling development in Iraq. On April 30, malicious files uploaded to VirusTotal were confirmed to be part of the newly discovered SHELBY malware family, linked to an advanced persistent threat (APT) actor known as DarkBlinders. The group’s branding draws heavily from “Peaky Blinders” iconography and shows hallmarks of state sponsorship. Group-IB assesses with moderate confidence that DarkBlinders may be backed by a national government, given its sophisticated tools and strategic targeting.
Ransomware and Hacktivism Rising
The META region continues to experience heightened ransomware activity, with attackers encrypting data and demanding payment in exchange for not exposing it. Concurrently, hacktivism remains a pressing issue, with politically motivated groups carrying out DDoS attacks, defacements, and data breaches, mostly using compromised accounts.
Compromised account statistics indicate a surge in stolen login credentials and card data, which cybercriminals use to penetrate deeper into corporate environments or launch additional attacks.
Urging Action: Six Strategic Recommendations
To counter these mounting threats, Group-IB urges organizations to implement a six-pronged defense strategy:
- Raise Employee Awareness – Ongoing education on phishing and social engineering is critical.
- Fortify IT Infrastructure – Keep systems patched and deploy MFA.
- Audit Regularly – Assess for vulnerabilities before attackers do.
- Invest in Threat Detection – Employ EDR and IDS tools for real-time response.
- Plan for Incidents – Establish and rehearse breach response protocols to ensure a swift and effective response.
- Leverage Intelligence Services – Stay ahead of evolving threats with up-to-date data.
About Group-IB
Founded in 2003, Group-IB is a global leader in investigating and preventing cybercrime. With headquarters in Singapore and operations spanning multiple regions, the firm serves as a trusted advisor to governments, enterprises, and law enforcement agencies in their efforts to combat digital threats.