Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa - Dark Reading

CYBERATTACKS & DATA BREACHES CYBER RISK CYBERSECURITY OPERATIONS THREAT INTELLIGENCE NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises. Robert Lemos,Contributing Writer October 29, 2025 4 Min Read SOURCE: MICROSOFT'S "DIGITAL DEFENSE REPORT 2025" Cybercriminals are increasingly adopting AI to fuel their attacks against African organizations, using the technology to boost the effectiveness of phishing campaigns and execute impersonation attacks using deepfakes, experts say. Overall, deepfake-related fraud has nearly tripled in the past year, with voice scams driving the growth in generative AI attacks, according to threat intelligence firm Group-IB. Meanwhile, phishing is the most common attack against African organizations, with attackers using AI to produce native-sounding messages and automate campaigns to achieve a 54% click-through rate — 4.5 times higher than traditional methods, according to Microsoft. Attackers are using AI to craft phishing messages in regional languages with appropriate cultural contexts, impersonating trusted individuals and exploiting familiar platforms, says Kerissa Varma, chief security advisor for Africa at Microsoft. Related:Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia "Africa is increasingly being targeted by identity-based and AI-driven threats — and AI has significantly reduced the time attackers need for reconnaissance," she says. "AI-generated content is flooding digital spaces, overwhelming traditional detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale." Overall, both companies have seen attacks climb quickly in the region, with attackers increasingly integrating AI into the attack pipeline. The use of synthetic identities to bypass verification checks has nearly tripled, while nation-states have adopted AI throughout their operations, Microsoft stated in its "Digital Defense Report 2025" published in mid-October. Egypt, Morocco, Algeria, and South Africa remain the top four countries most frequently targeted by attackers, according to Group-IB. The number of detected attacks has roughly doubled in the past year, says Dmitry Volkov, CEO of the threat intelligence firm. "Overall, we're seeing a clear convergence of financially motivated groups and state-linked actors operating in the region, taking advantage of rapid digital transformation, uneven cybersecurity investment, and regional connectivity growth," he says. Cybercrime Hubs in Nigeria and South Africa While phishing is the most prevalent threat affecting organizations in Africa, business email compromise (BEC) has become the most successful, with both South Africa and Nigeria becoming hubs for BEC infrastructure and money-mule recruitment, Microsoft stated in its report. BEC attacks account for just 2% of observed threats worldwide, but 21% of the successful attacks in Africa are variants of the attack, the company stated. Ransomware accounts for 16% of successful attacks. Related:Chinese APT Targets Indian Banks, Korean Policy Circles   A map showing that a great deal of business e-mail compromise (BEC) campaigns come out of four countries in the Africa region. Source: Microsoft "Digital Defense Report 2025" AI has also contributed to increased popularity of social engineering attacks against businesses in the Middle East and parts of Africa, with video-based phishing — "vishing" —  attacks leveraging AI technologies to pose serious risks to financial institutions, executives, and government officials, says Group-IB's Volkov. "Overall, AI is amplifying both the scale and credibility of social engineering and fraud campaigns in the region. Organizations must evolve their detection, authentication, and awareness strategies to keep pace with this new wave of AI-driven threats," he says. Part of the increasingly threatening landscape is the result of Southeast Asian cybercriminal syndicates moving into the region. Organizations in Egypt, Morocco, Algeria, and South Africa are most frequently targeted by these cybercriminal groups. They are also using AI technologies to improve scam scripts, better manage their call center operations, and more effectively target and manipulate potential victims at the top of the fraud funnel, Volkov says. Microsoft has also seen an uptick in nation-state threats targeting organizations in the region, with more than 150 cybersecurity attacks linked to nation-state actors, including over half in Egypt, South Africa, and Ethiopia, according to Microsoft. Related:6-Year Ransomware Campaign Targets Turkish Homes & SMBs A Global Cybersecurity Approach Organizations and national governments are stepping up. African nations have already started to harmonize their approaches to cybersecurity across borders to include a focus on risk, promoting interoperability, and reducing duplication across borders, Microsoft's Varma says. She pointed out that the African Union's Malabo Convention — which aims to protect personal data and enhance cybersecurity — has been ratified by 15 African Union member states to date. "Treat cybersecurity as a core business risk — boards and CEOs should track key metrics ... and align security controls to business risks," she says, adding that, to keep up with attackers' use of AI, organizations need to "start AI and quantum risk planning [by] assess[ing] both the benefits and risks of AI, and begin planning for post-quantum cryptography." Organizations also need to gauge their ability to understand what threats are targeting their operations and work with local and regional cybersecurity communities to share information in as near real-time as possible, says Group-IB's Volkov. "Public and private sector collaboration is equally vital,," he says, "as more joint investigations between regional and international entities have proven effective, as every arrested cybercriminal can prevent thousands of future incidents while sending a powerful deterrent message to others." Read more about: DR Global Middle East & Africa About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports The Agentic SOC: Exploring the Practitioner Mindset as AI Permeates SecOps The Total Economic Impact™ Of Google SecOps The Business Value of Google Threat Intelligence The Total Economic Impact™ Of Google SecOps AI-driven SecOps: Transforming Financial Services Security Access More Research Webinars Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap Tips for Managing Cloud Security in a Hybrid Environment? Security in the AI Age More Webinars You May Also Like CYBERATTACKS & DATA BREACHES Critical Fortinet Flaws Under Active Attack by Jai Vijayan, Contributing Writer DEC 17, 2025 CYBERATTACKS & DATA BREACHES F5 BIG-IP Environment Breached by Nation-State Actor by Alexander Culafi OCT 15, 2025 CYBERATTACKS & DATA BREACHES Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business by Robert Lemos, Contributing Writer OCT 03, 2025 CYBERATTACKS & DATA BREACHES Researcher Says Patched Commvault Bug Still Exploitable by Jai Vijayan, Contributing Writer MAY 06, 2025 Editor's Choice VULNERABILITIES & THREATS EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses byRob Wright APR 14, 2026 8 MIN READ СLOUD SECURITY CSA: CISOs Should Prepare for Post-Mythos Exploit Storm byAlexander Culafi APR 13, 2026 6 MIN READ СLOUD SECURITY Navigating the Unique Security Risks of Asia's Digital Supply Chain byAlexander Culafi APR 15, 2026 3 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Implementing CTEM: Beyond Vulnerability Management THURS, MAY 21, 2026 AT 1PM EST Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning MON, MAY 11, 2026 AT 1:00PM ET Zero Trust Architecture for Cloud environments: Implementation Roadmap TUES, MAY 12, 2026 AT 1PM EST Tips for Managing Cloud Security in a Hybrid Environment? THURS, MAY 7, 2026 AT 1PM EST Security in the AI Age TUES, APRIL 28, 2026 AT 1PM EST More Webinars White Papers 7 best practices for secrets lifecycle management Reinventing the SOC with agentic AI Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Enhancing SecOps with Google Threat Intelligence Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS