Week in Review — China-linked hackers and DMARC in the Middle East

March 08, 2024 by Robert Lemos Categories : Week in Review

A China-linked APT known as "Evasive Panda" orchestrated sophisticated cyber-espionage campaigns by combining watering-hole tactics—compromising legitimate websites to infect visitors—with supply-chain attacks to deliver its modular malware framework, MgBot, which enables downloading additional payloads and data exfiltration. MgBot’s plug‑in architecture allows the actor to spy on targeted organizations—including NGOs, telecoms in Africa, and Tibetan communities—leveraging a multi‑vector approach to infiltrate networks and steal sensitive information.

Middle Eastern countries — particularly Saudi Arabia and the UAE — are leading global DMARC adoption, with about 57% of Saudi and 43% of UAE domains set to 'reject' unauthenticated emails, surpassing the approximately 31% adoption rate among Global 2000 firms. Major infrastructure like SPF, DKIM, and DMARC has been widely deployed across regional companies, driven by mandates from Google and Yahoo and supported by national cybersecurity regulations. While enforcement still lags globally, the Middle East’s momentum promises to curb phishing, improve email reliability, and bolster overall email security—marking a significant shift in the region’s cyber posture.