UAE Defense System Neutralizes 634 High-Risk Cyberattacks
The UAE successfully blocked 634 cyberattacks that targeted its government and private sector’s critical systems. These attacks aimed to steal data from the nation’s vital sectors. A threat actor who goes by “rose87168” took credit for breaching Oracle Cloud’s SSO and LDAP systems. This security incident potentially impacted six million customer records worldwide. The attack campaign specifically focused on 30 government entities and 13 private organizations in the UAE. The nation’s cybersecurity strategy played a vital role during this period. The UAE’s systems had earlier stopped nearly 200,000 ransomware attacks on January 17. This highlights the persistent cyber threats the country faces daily.
UAE Cybersecurity Council Detects Massive Attack Campaign
UAE’s national cybersecurity systems detected and stopped a massive attack campaign that targeted many sectors throughout the country. The UAE Cyber Security Council’s emergency systems caught 634 cyberattacks that tried to breach vital national systems and steal data from strategic sectors. This defense operation stands as one of the most crucial efforts by UAE authorities in recent months.
Threat Actor ‘rose87168’ Claims Responsibility
The mastermind behind this cyber assault was a threat actor known as “rose87168,” who openly took credit for the attacks. Dr. Mohammed Al Kuwaiti, chairman of the UAE Cyber Security Council, verified that this actor said they had breached major cloud infrastructure. The story began on March 21, 2025, when they posted their claims on “BreachForums” and took credit for this sophisticated break-in.
The threat actor had been busy since January 2025 and kept improving their attack methods. They got access about 40 days before advertising the stolen data online. They didn’t stop at just breaking in – they tried to make money by asking affected organizations for ransom to keep their data safe. They even offered rewards to anyone who could help crack the encrypted passwords they stole.
Oracle Cloud’s SSO and LDAP Systems Compromised
The team found that the threat actor had gone after Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems. The break-in happened because of an unpatched weakness in Oracle Fusion Middleware 11g, an old enterprise platform that handles important login services. This software hadn’t been updated since 2014, which left it open to attacks.
The problem centered on login.us2.oraclecloud.com, which ran the outdated middleware. This subdomain was part of Oracle’s federated SSO setup, a vital piece of their login system. The compromised stack included several key parts that might have been exposed:
- WebLogic Server (Java EE application server)
- Oracle Identity Management (governing SSO and directory services)
- SOA Suite (enabling integration of enterprise applications)
- Additional modules including Oracle BPM, WebCenter, and Oracle Forms and Reports
The breach created serious security risks. Bad actors could use the stolen Java Policy Store keystore and its password to unlock sensitive config files, including database passwords and identity provider secrets. The theft of Java Keystore (.jks) files also raised red flags about possible SSL or TLS attacks, fake services, and man-in-the-middle schemes.
Six Million Customer Records Exposed Globally
The numbers tell a sobering story – about six million customer records leaked worldwide, including sensitive password data. The damage spread far and wide, with roughly 140,000 organizations affected globally. The UAE took a direct hit with 634 entities impacted: 30 government bodies, 13 private organizations, and various other groups.
CloudSEK, a cyber threat intelligence firm, found that the stolen data included some dangerous items:
- Java Key Store (JKS) files – digital keys used to secure systems
- Encrypted Single Sign-On (SSO) passwords – scrambled login credentials
- Hashed Lightweight Directory Access Protocol (LDAP) passwords
- Key files – special files allowing access to secure system components
- Enterprise Manager Java Platform Security (JPS) keys – tools used to manage and secure large company systems
Oracle pushed back against these claims. On March 21, 2025, they said no customer data was stolen and the published credentials had nothing to do with their systems.
The stakes remain high. A successful crack of the encrypted SSO and LDAP passwords could let attackers into Oracle Cloud environments and spark more breaches. The stolen JKS and key files might also help bad actors break into connected systems.
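An added example (not from the original article, Oracle, or CloudSEK): when a Java keystore may have been exposed, a defender first needs to know which private keys each .jks file holds so those keys and their certificates can be reissued. This sketch reads the JKS container layout, which stores aliases and certificates outside the password-protected key blob; the sample keystore, aliases and function names are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

JKS_MAGIC = 0xFEEDFEED            # first four bytes of every JKS file
PRIVATE_KEY, TRUSTED_CERT = 1, 2  # entry tags used by the JKS format


class Reader:
    """Bounds-checked big-endian cursor over keystore bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        # Java writeUTF layout: 2-byte length, then the encoded string.
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8", "replace")

    def cert(self, version):
        ctype = self.utf() if version == 2 else "X.509"  # v1 omits the type
        der = self.take(self.u32())
        return {"type": ctype, "sha256": hashlib.sha256(der).hexdigest()}


def inventory_jks(data):
    """List aliases and certificate fingerprints; no password required."""
    r = Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version = r.u32()
    if version not in (1, 2):
        raise ValueError("unsupported JKS version")
    entries = []
    for _ in range(r.u32()):
        tag, alias = r.u32(), r.utf()
        millis = struct.unpack(">q", r.take(8))[0]
        created = datetime.fromtimestamp(millis / 1000, tz=timezone.utc)
        if tag == PRIVATE_KEY:
            r.take(r.u32())  # skip the password-protected key blob
            kind, certs = "private-key", [r.cert(version) for _ in range(r.u32())]
        elif tag == TRUSTED_CERT:
            kind, certs = "trusted-cert", [r.cert(version)]
        else:
            raise ValueError(f"unknown entry tag {tag}")
        entries.append({"alias": alias, "kind": kind,
                        "created": created.date().isoformat(), "certs": certs})
    r.take(20)  # trailing SHA-1 integrity digest (not verified in this sketch)
    if r.pos != len(data):
        raise ValueError("unexpected trailing bytes")
    return entries


def rotation_targets(entries):
    """Private-key entries are the ones whose keys and certs need reissuing."""
    return [e["alias"] for e in entries if e["kind"] == "private-key"]


def build_sample():
    """Constructed keystore; placeholder bytes stand in for key and cert DER."""
    def lp(fmt, b):  # length-prefixed field
        return struct.pack(fmt, len(b)) + b
    cert = lp(">H", b"X.509") + lp(">I", b"constructed-cert-der")
    key = (struct.pack(">I", PRIVATE_KEY) + lp(">H", b"sso-signing")
           + struct.pack(">q", 1700000000000) + lp(">I", b"constructed-key-blob")
           + struct.pack(">I", 1) + cert)
    ca = (struct.pack(">I", TRUSTED_CERT) + lp(">H", b"corp-root-ca")
          + struct.pack(">q", 1600000000000) + cert)
    return struct.pack(">III", JKS_MAGIC, 2, 2) + key + ca + bytes(20)


if __name__ == "__main__":
    for entry in inventory_jks(build_sample()):
        print(entry["kind"], entry["alias"], entry["created"])
```

Trusted-certificate entries hold only public material, so the rotation list is limited to private-key aliases; the certificate fingerprints help match each alias to the certificate that has to be revoked.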
The UAE Cybersecurity Council jumped into action. They turned on emergency cyber systems across the country and worked with other authorities. These systems helped protect UAE’s digital space from hacks and threats. The Council told all government and private groups to beef up their cyber defenses, stay ready, and report anything suspicious targeting their systems.
This wasn’t the first rodeo for UAE’s cyber team. On January 17, they had stopped nearly 200,000 daily ransomware attacks. Both events show how cyber threats keep getting bigger and more complex. The message is clear – staying alert and taking action early helps protect the nation’s digital world.
Government Mobilizes Emergency Cyber Defense Systems
The UAE quickly activated its nationwide emergency cyber defense systems after finding a massive cyberattack campaign. The Cyber Security Council launched a complete response strategy. They mobilized specialized teams and put advanced countermeasures in place to reduce the effects of these sophisticated threats. This quick action showed how the UAE’s National Cybersecurity Strategy works in real life. The strategy rests on five pillars: governance, protection, innovation, establishing and building, and partnership.
Rapid Response Teams Deploy Countermeasures
Specialized rapid response teams rushed to defend affected systems as soon as they detected breach attempts. These teams work under the UAE’s “National Cyber Incident Response Plan” that aids quick and coordinated responses to cyber incidents across the country. The authorities use a standard severity assessment matrix to measure threat levels accurately and deploy the right resources.
A 24-7-365 Security Operations Center (SOC) stands at the heart of UAE’s response capabilities. The center watches network activities and puts defensive measures in place without pause. Advanced Security Information and Event Management (SIEM) systems help the center manage security events and spot potential threats before they cause major damage.
The UAE Computer Emergency Response Team (aeCERT) played a vital role in the coordinated defense effort. AeCERT operates under the Telecommunications and Digital Government Regulatory Authority (TDRA) and served as the main hub for sharing information during the attack. They handled key communication with national and international authorities involved in response efforts.
The Emergency Cyber Intelligence Unit (CIU) sprang into action and shared essential intelligence between agencies. This gave them a better view of cybersecurity threats. The unit works alongside active monitoring systems that scan for cyber threats non-stop. This setup allows early detection and quick response to possible security breaches.
FedNet deployment became a key part of UAE’s defense strategy. It gives the federal government secure architecture and reliable, on-demand access to computing resources. This secure network and Multiprotocol Label Switching (MPLS) cloud improved UAE’s cyber security stance during the attack. It created a strong infrastructure that could resist sophisticated breach attempts.
Coordination Between Federal and Local Authorities
Federal and local departments worked together fully to address the cyber threats. The UAE Cybersecurity Council made this smooth cooperation possible. The Council serves as the central authority for managing the nation’s cyber defense efforts. The Head of Cyber Security for the UAE Government chairs the Council. They oversee a complete cybersecurity strategy and help create legal and regulatory frameworks for all types of cybercrimes.
The National Incident Response Committee (NRC) met to make strategic decisions about the National Incident Response program. This high-level committee guided various government entities’ actions to ensure a unified approach against the attack campaign.
Different government bodies shared intelligence that proved essential during this whole ordeal. UAE has built a strong framework that lets them exchange threat intelligence and coordinate their defensive measures well. This shared approach helped authorities spot patterns in the attack methods and develop targeted countermeasures.
UAE set up nine sector committees to run the Critical Information Infrastructure Protection (CIIP) program. These committees cover crucial areas like:
- Energy
- ICT
- Government
- Electricity & Water
- Finance & Insurance
- Emergency services
The committees protect vital systems and keep essential services running. Each sector gets tailored security measures that tackle their unique weak points.
UAE’s cyber defense architecture stood strong despite the scale and complexity of the attacks. Previous investments in security infrastructure and advanced threat detection protocols made this possible. The UAE Cabinet approved the National Cybersecurity Strategy, which has placed the country among top global performers in the 2024 Global Cybersecurity Index. UAE now has one of the most secure and advanced digital infrastructures worldwide.
The UAE Cyber Security Council asked all government and private institutions to boost their cybersecurity defenses. They should improve their cyber preparedness and report suspicious activities right away. This proactive stance shows the Council’s steadfast dedication to staying watchful against evolving digital threats.
This success against the attack campaign shows how well UAE’s complete approach to cybersecurity works. It balances strong technical measures with strategic coordination between different government entities. UAE’s investment in advanced defense capabilities and shared frameworks becomes more valuable as cyber threats grow more complex. These investments help protect national digital assets effectively.
Hackers Target 634 Critical UAE Entities
The UAE Cybersecurity Council’s data shows that malicious actors targeted 634 entities across the nation’s critical infrastructure. This coordinated assault stands as one of the largest cyber campaigns against UAE digital assets. The attack highlighted modern threat actors’ sophistication and tested national defense mechanisms.
30 Government Bodies Face Sophisticated Breach Attempts
Government institutions received the most attacks, with 30 federal and local bodies experiencing direct breach attempts. These organizations maintain vital national databases and systems essential for UAE’s daily operations. The government sector became the primary target and accounted for 30% of all detected attacks.
The attacks against government entities matched patterns typical of advanced persistent threat (APT) actors. Information technology and infrastructure breaches made up 40% of all incidents. This approach revealed the attackers’ plan to compromise foundational systems that could lead to multiple connected networks.
Security analysts found more sophisticated attack methods compared to earlier campaigns. The attacks aimed to extract data from vital and strategic sectors instead of deploying typical ransomware. The Council found that file-sharing attacks made up 9% of the identified intrusion methods. Attackers tried to exploit common collaboration tools used in government operations.
13 Private Organizations Included in Attack Scope
The attack campaign extended to 13 private sector organizations vital to national interests. These companies operate in sectors essential to UAE’s economic and social stability. Security researchers found evidence that attackers chose these private organizations based on their government system connections or critical infrastructure roles.
Attackers carefully selected private sector targets rather than choosing them randomly. Many targets operated in sectors with valuable data assets or infrastructure components. A breach could potentially disrupt essential services. The remaining targets beyond government and specified private organizations fell under various categories, which showed the campaign’s wide reach.
Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, said emergency cyber systems were activated nationwide in coordination with relevant authorities to protect UAE’s cyberspace. Quick action prevented what could have been more extensive damage to private sector networks.
Strategic Sectors Become Primary Targets
The attack pattern revealed the criminals’ priorities. Critical infrastructure and essential services faced persistent intrusion attempts. Financial and banking sectors each received 7% of total attacks. Educational institutions faced similar pressure with 7% of all detected attempts.
Aviation, healthcare, and technology sectors each weathered about 4% of total cyberattacks. The targeted approach showed the attackers knew UAE’s critical infrastructure well. They aimed to cause maximum disruption by focusing on interconnected systems.
The Council revealed that UAE faces over 200,000 daily cyberattacks on its strategic sectors. This ongoing threat level puts the campaign’s significance in context. Security researchers traced these attacks to cyberterrorist groups in 14 different countries. This suggests coordination among various threat actors.
The UAE Cybersecurity Council called for increased watchfulness. They asked all government and private institutions to strengthen their electronic protection systems and boost cyber readiness. Officials stressed the need to report suspicious activities targeting digital systems quickly. Early detection helps improve defense capabilities.
Security analysts identified several factors that made these entities attractive targets:
- Strategic importance to national infrastructure
- Significant data resources with potential intelligence value
- Financial assets that could be monetized through extortion
- Interconnected systems providing potential pivot points to other networks
- Critical service delivery functions with high disruption impact
The extensive targeting pattern shows a calculated strategy to compromise multiple sector systems at once. The council emphasized how cyber threats keep getting more sophisticated. Hacking and fraud tools continue evolving into various forms. The attackers showed ambition and tactical sophistication by targeting 634 entities across government and private sectors. This required an equally coordinated defensive response.
The UAE Cyber Security Council’s emergency response systems worked well this time. Officials acknowledge that evolving threats pose ongoing challenges. This incident explains why UAE continues investing heavily in cybersecurity infrastructure and capability development across public and private sectors.
UAE Implements Advanced Threat Detection Protocols
“If countries cooperate to share early-warning information, it will help us get ahead of the people who want to do us harm.” — Richard DeMillo, Chief Scientist at the Qatar Computing Research Institute
UAE’s defense against a massive cyberattack campaign relied on cutting-edge technology. Advanced detection systems served as the primary shield. A complex network of threat detection protocols helped authorities spot and eliminate threats early.
AI-Powered Systems Identify Unusual Network Activity
AI systems are the cornerstone of UAE’s cybersecurity setup. These systems can spot unusual network behavior. Reports show 91% of UAE companies now use AI in their cybersecurity strategies to combat new threats. This reflects a recognition that traditional security measures alone can’t handle modern attacks.
Defense systems across critical infrastructure use machine learning algorithms. They track normal network behavior and flag any suspicious changes. These tools helped catch the first signs of the large attack campaign. Security teams could act before any major damage occurred.
Bad actors now use AI for attacks, so UAE has built better defenses. The country saw more AI-powered threats in 2024. Attackers used machine learning and automation to make their attacks bigger, faster, and smarter. UAE’s cybersecurity teams responded by investing in smart AI defenses that adapt to these new threats.
UAE’s infrastructure protection includes these key features:
- Pattern recognition algorithms that catch subtle attack signs
- Behavioral analysis tools that spot unusual activities
- Predictive modeling that sees possible attack paths
- Anomaly detection systems that find network traffic outliers
AI systems looked through huge amounts of data to catch threats before they turned into breaches. Attackers got smarter, but UAE’s defenses stayed ahead by learning and adapting.
Sophos’s Senior Vice-President of Sales for EMEA, Dr. Gerard Allison, noted that AI security solutions work well against UAE’s cyber threats. These systems process massive data sets and find patterns that humans might miss, which helped during the crisis.
UAE leads in AI adoption and cybersecurity thanks to its National Cybersecurity Strategy and smart city investments. These tools don’t just defend – they predict weak spots before attacks happen, making cybersecurity proactive rather than reactive.
Real-Time Monitoring Prevents Data Exfiltration
Detection capabilities came first, but stopping data theft was just as crucial. Data Loss Prevention (DLP) tools across government and private networks stopped attackers from stealing sensitive data.
Network traffic underwent constant analysis to catch unusual data movement that might signal theft attempts. Protection covered cloud, web, and private applications, keeping sensitive information safe everywhere. UAE also added strong endpoint protection to stop device-level data theft.
These systems could sort data automatically and protect confidential information right away. Quick sorting meant security teams could block theft attempts in seconds.
During the attacks, systems checked user and employee actions based on their authorized roles. This stopped both intentional and accidental data leaks by enforcing strict policies.
Experts say UAE businesses must have real-time threat detection. Security teams reduced damage by catching threats early in the recent attack campaign. Quick detection led to faster responses, giving attackers less time to exploit weak spots.
UAE’s monitoring setup uses threat intelligence to learn about new attack methods. This smart approach helps security systems adapt to threats before they appear, creating defenses that stay ahead of attacks.
These monitoring systems proved their worth by stopping data theft across all devices and channels. They caught potential breaches through non-stop threat prevention and analysis.
Combining real-time monitoring with existing security created a single platform to protect data everywhere. This approach made security management simpler while improving protection.
UAE’s advanced threat detection shows how cybersecurity must keep pace with new threats. The country’s investment in new technology sets an example for national cyber defense that balances innovation with practical use – a combination that helped beat the recent attack campaign.
Cybersecurity Experts Analyze Attack Patterns
The forensic analysis of blocked cyberattacks has revealed crucial insights about sophisticated tactics used against UAE systems. By dissecting these incidents, our cybersecurity team has found distinct patterns that suggest highly coordinated operations. A detailed investigation helped experts piece together the complex methodology behind attacks targeting 634 entities in the Emirates.
Signature Methods Reveal Possible State-Sponsored Activity
Security analysts found evidence pointing to state-sponsored involvement when they looked at attack signatures. A major revelation in 2023 was the detection of North Korean-linked Lazarus Group conducting cyber espionage in the UAE. This finding challenges the belief that regional adversaries pose the main threat and shows how global cyber threats affect the Emirates.
The security team identified eight key intrusion sets that suspected state actors arranged: Bitter, Molerats, MuddyWater, Shamoon 3, Chafer, DarkHydrus, OilRig, and DNSpionage. Each set uses unique techniques that help investigators trace attacks back to specific threat groups.
Recent attack analysis shows system misconfigurations caused 32% of cyber incidents. Improper usage and unlawful activity followed at 19%. This matches previous state-sponsored campaigns that exploit system weaknesses instead of using brute force methods.
Drive-by downloads remained the quickest way to gain initial entry throughout 2024. Attackers also used phishing and web server compromises. These methods grew more sophisticated with AI tools that enhanced social engineering efforts and deepfake technology.
The core team believes a well-resourced cyber espionage group with alleged Iranian ties arranged some attacks. The reasons behind these cyberattacks include espionage, disruption of critical sectors, and cyber warfare to pressure geopolitical adversaries.
Zero-Day Vulnerabilities Exploited in Attempts
Threat actors used several zero-day vulnerabilities alongside signature-based attacks to break into UAE systems. The UAE Computer Emergency Response Team (aeCERT) found a new zero-day vulnerability in Microsoft Windows. This flaw lets attackers escalate privileges and run arbitrary code in kernel mode. Researchers also found another vulnerability in OpenSSL that makes CPU usage spike to 100% on affected servers.
The UAE Cyber Security Council spotted threat actors actively exploiting a critical Microsoft Exchange vulnerability. This vulnerability, tracked as CVE-2024-21410 with a CVSS Base Score of 9.8 (CRITICAL), lets remote unauthenticated actors escalate privileges in NTLM relay attacks. Successful exploitation could allow attackers to relay a user’s leaked Net-NTLMv2 hash against vulnerable Exchange Servers and authenticate as that user.
The malware used in these attacks had these key features:
- Advanced obfuscation techniques to evade detection by traditional antivirus software
- Remote access control capabilities allowing unauthorized users to manipulate data
- Persistence mechanisms enabling the malware to remain within networks even after initial detection
- Strategic exploitation of zero-day vulnerabilities to infiltrate secure systems
An Oracle Form vulnerability (CVE-2021-3153) accounted for 53% of vulnerabilities in UAE networks. Attackers chose this flaw because it was easy to exploit. The vulnerability lets authenticated attackers extract valuable information from servers and conduct network reconnaissance.
Attacker tactics changed radically in 2023. Drive-by-downloads increased by 18% while malware directly installed on victims’ machines jumped 36%. Attackers exploited both N-day and Zero-day vulnerabilities in public-facing applications. Many attacks started right after proof-of-concept exploit code became public.
The analysis revealed that many exploited vulnerabilities in UAE systems were over five years old. This suggests UAE-based organizations need better vulnerability patch management. These security gaps create opportunities for sophisticated attackers.
UAE Cyber Security Strategy Proves Effective
UAE’s remarkable success in stopping 634 cyberattacks stems from its complete National Cybersecurity Strategy, which the UAE Cabinet formally endorsed. This strategic framework builds on five key pillars: governance, protection, breakthroughs, capacity building, and partnership. These elements together built a resilient ecosystem that effectively countered one of the biggest cyber campaigns that ever targeted UAE’s digital assets.
Multi-Layer Defense Architecture Withstands Pressure
UAE has built an intricate defense architecture with a federal network and shared infrastructure. This makes smooth interconnectivity and data exchange between local and federal entities possible. The network creates a multi-layered security environment with high-level encryption in all protocols. This minimizes exposure to cyber intruders by reducing vulnerabilities. The architecture proved highly effective against the recent attack campaign.
The National Cybersecurity Operations Center sits at the defense system’s core. It monitors threats constantly and sends early warnings to counter breach attempts. This sophisticated infrastructure also has:
- Complete cyber defensive capabilities through threat intelligence
- Advanced security monitoring systems for continuous protection
- Proactive threat hunting mechanisms to find potential vulnerabilities
- Quick patch management to fix security gaps
These defenses helped UAE become a global leader in cybersecurity. The country secured the highest tier-one rating in the International Telecommunication Union’s Global Cybersecurity Index 2024.
Previous Investments in Security Infrastructure Pay Off
UAE’s investment of over AED 7.34 billion in cybersecurity and digital transformation initiatives has shown impressive results. These investments focused on building advanced security frameworks, improving cybersecurity infrastructure, and deepening the nation’s defense capabilities against cyber threats.
The country’s cybersecurity market is expected to reach AED 2056.14 million by 2025. The Security Services segment leads with an estimated AED 1088.03 million. This financial commitment shows the country’s strategic focus on digital defense.
UAE’s National Cybersecurity Strategy implementation has created a secure environment. This lets people and institutions work and grow while protecting public and private assets. The integrated approach includes a complete legal and regulatory framework, policies to protect emerging technologies, capacity-building programs for professionals, and systems to detect cybersecurity incidents. These investments helped UAE effectively counter sophisticated attacks targeting its critical infrastructure.
UAE successfully defended against 634 complex cyberattacks, which shows its reliable cybersecurity capabilities. The UAE Cybersecurity Council coordinated a complete response that protected critical government and private sector systems from potentially devastating breaches.
AI-powered detection protocols and live monitoring systems played a key role. These systems identified and neutralized threats before any major damage could occur. The threat actor “rose87168” faced strong defensive measures that blocked unauthorized access to sensitive data in multiple sectors.
UAE has become a global leader in digital defense through major investments in cybersecurity infrastructure. Emergency response teams and sophisticated threat detection systems support its multi-layered security setup. This setup continues to protect vital national interests from new cyber threats.
UAE’s strategy to stop this massive attack campaign proved highly effective. Government entities worked closely with private organizations to implement innovative technology. Together they built a strong digital ecosystem that can handle complex cyber threats. This achievement shows why strong cyber defenses matter as security challenges keep evolving in our connected world.