A High-Risk Year of Espionage, Ransomware, Access Sales & Ideological Attacks
Saudi Arabia Threat Landscape Report:
Saudi Arabia entered 2025 facing one of the most diverse and volatile cyber threat environments in the region. From state-aligned espionage campaigns and multi-extortion ransomware to rampant initial access sales, data breaches, and hacktivism, the Kingdom was at the center of heightened global cyber activity.
Cyble’s Research and Intelligence Labs (CRIL) uncovers the actors, campaigns, motivations, and underground market dynamics shaping cyber risk across The Kingdom of Saudi Arabia.
What’s happening inside Saudi Arabia’s cyber space?
✓ 27 incidents of compromised access sales — with IT & ITES, Construction, and Government emerging as prime targets.
✓ 54 data breaches and leaks — dominated by Government, Education, Media, and Energy-linked sectors.
✓ 13 ransomware attacks across 11 distinct groups — with Ralord, Everest, and DragonForce leading the activity.
✓ Multiple state-backed espionage operations — including Chinese and Iranian clusters leveraging supply chain infiltration & backdoors.
✓ A surge of ideologically driven hacktivism — targeting over 57 domains across government, healthcare, telecom, and infrastructure.
The threat activity in the Kingdom is fueled by a complex convergence of cybercriminals, nation-state actors, and hacktivist groups, each driving attacks for financial, geopolitical, or ideological gain.
Want to see who’s targeting Saudi Arabia — in real time?
Get the full Threat Landscape Report and uncover adversaries, campaigns, and risks impacting your sector.
And if you want to see how Cyble can help you build the cyber resilience against the next-gen threats, go deeper with a personalized threat visibility session and schedule a free demo now!
