Saudi Threat Intelligence · Quarterly Reports · APT Tracking

Saudi Arabia's Cyber Threat Landscape.

Pristine's threat intelligence team publishes quarterly Saudi threat landscape reports, APT actor advisories, sector-specific threat briefings, and rapid-response alerts — giving Saudi and GCC security teams the intelligence they need to stay ahead of attackers targeting the Kingdom.

47+ Threat Actors Tracked
Q1 2025: Latest Quarterly Report
24/7 Threat Feed Active
250+ IoCs Published (2025)
Saudi-First Intelligence Focus
Saudi Threat Landscape
APT34 / OilRig
Shamoon Variants
Ransomware GCC
Cyber Espionage KSA
CERT-SA Intelligence
Dark Web Monitoring
MENA Threat Actors
State-Sponsored TTPs
Financial Fraud
Supply Chain Attacks
IoC Releases

Saudi Arabia Cyber Threat Landscape — Q1 2025

Threat Report Q1 2025 FEATURED

Saudi Arabia Cyber Threat Landscape Report Q1 2025

Comprehensive analysis of the threat landscape facing Saudi Arabia's public and private sectors in Q1 2025. This report covers APT34's evolved TTPs targeting Saudi government entities, a surge in ransomware campaigns from Rhysida and Black Basta against Saudi healthcare and manufacturing, and the emergence of three new initial access brokers specialising in Saudi corporate network access.

47 active threat actor groups tracked targeting Saudi organisations
New APT34 phishing kit targeting Saudi government .sa domains with 3DS lure
Rhysida ransomware: 4 confirmed Saudi healthcare incidents in Q1 2025
Dark web: SAR 2.3M in Saudi corporate access listings identified and reported
Critical infrastructure: 18 Saudi energy sector attack attempts blocked by clients
Full report: 48 pages · PDF
// Top Threat Actors — Q1 2025
APT34 / OilRig | Iranian state-sponsored | Threat Score: 95 | Government · Energy · Finance
Rhysida | Ransomware-as-a-Service | Threat Score: 82 | Healthcare · Manufacturing
Black Basta | Ransomware-as-a-Service | Threat Score: 78 | Retail · Technology · Finance
Seedworm / MuddyWater | Iranian state-sponsored | Threat Score: 71 | Telecom · Government
TA505 / Cl0p | FIN Group | Threat Score: 64 | Financial · Supply Chain
Lazarus Group | DPRK state-sponsored | Threat Score: 58 | Financial · Crypto

Threat Intelligence Library

Browse Pristine's full library of Saudi and GCC threat intelligence publications — quarterly reports, APT advisories, sector briefings, and rapid-response alerts.

APT Q2 2025 · APT Intelligence
APT34 Evolution — 2025 TTP Update
APT34/OilRig has updated its phishing infrastructure targeting Saudi .sa domains. This advisory covers the new lure documents, C2 infrastructure, and defensive mitigations for Saudi government and financial organisations.

RANSOMWARE Q1 2025 · Ransomware Intelligence
Rhysida Ransomware — GCC Sector Analysis
Detailed analysis of Rhysida ransomware campaigns across GCC healthcare and manufacturing organisations in 2024-2025 — initial access vectors, dwell time analysis, ransom demands, and defensive playbook.

QUARTERLY Q4 2024 · Quarterly Report
Saudi Threat Landscape — Q4 2024
Comprehensive Q4 2024 threat landscape covering top 10 threat actors, incident volume by sector, new CVEs exploited against Saudi systems, and threat forecast for Q1 2025.

SECTOR H2 2024 · Sector Briefing
Financial Sector Threat Briefing — H2 2024
BEC fraud evolution, SWIFT-targeting techniques, and account takeover campaigns specifically targeting Saudi banks, fintechs, and payment processors in H2 2024.

SECTOR 2024 Annual · Sector Briefing
OT/ICS Threats to Saudi Energy — 2024 Annual
Annual analysis of cyber threats to Saudi energy, petrochemical, and utility OT environments — Shamoon variants, Triton successors, and nation-state targeting of Saudi critical infrastructure.

APT Q1 2025 · Dark Web Intelligence
Dark Web Saudi: Credential & Access Markets
Monitoring report on Saudi corporate credential listings, network access offerings, and data sales on dark web and Telegram — 847 Saudi organisations found exposed in Q1 2025.

SECTOR 2025 · Sector Briefing
Mobile Threat Report — Saudi Banking Apps
Analysis of fake Saudi banking apps, overlay malware targeting Saudi mobile banking users, and OTP-bypassing campaigns active against Mada and Saudi payment platforms.

SECTOR Q4 2024 · Sector Briefing
Magecart & E-Skimming — Saudi E-Commerce
E-skimming attack analysis targeting Saudi e-commerce checkout pages — active Magecart groups, JavaScript injection techniques, and PCI DSS v4.0 script integrity mitigations.

ADVISORY May 2025 · Critical Advisory
CRITICAL: Apache CVE-2025-XXXX Advisory
Rapid-response advisory on critical Apache vulnerability actively exploited against Saudi web servers — affected versions, exploitation evidence, and immediate mitigation steps.

Access Pristine's Threat Intelligence

All Pristine threat reports are free to download. Complete the form below and the report will be emailed to you immediately. Subscribe to receive all future reports automatically.

// Download / Subscribe

🔒 PDPL compliant · Report delivered by email immediately

// Intelligence Subscription

Subscribe to Pristine's intelligence feed and receive:

Quarterly Saudi Threat Landscape Reports
Critical CVE advisories within 24 hours
APT actor profile updates
Sector-specific threat briefings
Monthly IoC release packages
// Enterprise Intel Feed

For dedicated threat intelligence with STIX/TAXII integration, custom IoC feeds, and analyst briefings, contact our threat intelligence team.
