Orgs See Surge in AI-Powered Attacks Across Africa TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityAI-Generated Code Poses Security, Bloat ChallengesAI-Generated Code Poses Security, Bloat ChallengesbyRobert Lemos, Contributing WriterOct 29, 20256 Min ReadVulnerabilities & ThreatsOracle EBS Attack Victims May Be More Numerous Than ExpectedOracle EBS Attack Victims May Be More Numerous Than ExpectedbyAlexander CulafiOct 28, 20253 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllThreat IntelligenceSilver Fox APT Blurs the Line Between Espionage & CybercrimeSilver Fox APT Blurs the Line Between Espionage & CybercrimebyNate Nelson, Contributing WriterAug 8, 20253 Min ReadThreat IntelligenceIran-Israel War Triggers a Maelstrom in CyberspaceIran-Israel War Triggers a Maelstrom in CyberspacebyNate Nelson, Contributing WriterJun 19, 20255 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsLibraryNewslettersPodcastsReportsVideosWebinarsWhite papers Partner PerspectivesSEE ALLCyberattacks & Data BreachesCyber RiskCybersecurity OperationsThreat IntelligenceNewsBreaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificCybersecurity Firms See Surge in AI-Powered Attacks Across AfricaCybersecurity Firms See Surge in AI-Powered Attacks Across AfricaCybersecurity Firms See Surge in AI-Powered Attacks Across AfricaAfrica becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises.Robert Lemos, Contributing WriterOctober 29, 20254 Min ReadSource: Microsoft's "Digital Defense Report 2025"Cybercriminals are increasingly adopting AI to fuel their attacks against African organizations, using the technology to boost the effectiveness of phishing campaigns and execute impersonation attacks using deepfakes, experts say.Overall, deepfake-related fraud has nearly tripled in the past year, with voice scams driving the growth in generative AI attacks, according to threat intelligence firm Group-IB. Meanwhile, phishing is the most common attack against African organizations, with attackers using AI to produce native-sounding messages and automate campaigns to achieve a 54% click-through rate — 4.5 times higher than traditional methods, according to Microsoft.Attackers are using AI to craft phishing messages in regional languages with appropriate cultural contexts, impersonating trusted individuals and exploiting familiar platforms, says Kerissa Varma, chief security advisor for Africa at Microsoft."Africa is increasingly being targeted by identity-based and AI-driven threats — and AI has significantly reduced the time attackers need for reconnaissance," she says. "AI-generated content is flooding digital spaces, overwhelming traditional detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale."Related:MuddyWater Targets 100+ Gov Entities in MEA With Phoenix BackdoorOverall, both companies have seen attacks climb quickly in the region, with attackers increasingly integrating AI into the attack pipeline. The use of synthetic identities to bypass verification checks has nearly tripled, while nation-states have adopted AI throughout their operations, Microsoft stated in its "Digital Defense Report 2025" published in mid-October.Egypt, Morocco, Algeria, and South Africa remain the top four countries most frequently targeted by attackers, according to Group-IB. The number of detected attacks has roughly doubled in the past year, says Dmitry Volkov, CEO of the threat intelligence firm."Overall, we're seeing a clear convergence of financially motivated groups and state-linked actors operating in the region, taking advantage of rapid digital transformation, uneven cybersecurity investment, and regional connectivity growth," he says.Cybercrime Hubs in Nigeria and South AfricaWhile phishing is the most prevalent threat affecting organizations in Africa, business email compromise (BEC) has become the most successful, with both South Africa and Nigeria becoming hubs for BEC infrastructure and money-mule recruitment, Microsoft stated in its report. BEC attacks account for just 2% of observed threats worldwide, but 21% of the successful attacks in Africa are variants of the attack, the company stated. Ransomware accounts for 16% of successful attacks.Related:Asian Nations Ramp Up Pressure on Cybercrime 'Scam Factories' A map showing that a great deal of business e-mail compromise (BEC) campaigns come out of four countries in the Africa region. Source: Microsoft "Digital Defense Report 2025"AI has also contributed to increased popularity of social engineering attacks against businesses in the Middle East and parts of Africa, with video-based phishing — "vishing" —  attacks leveraging AI technologies to pose serious risks to financial institutions, executives, and government officials, says Group-IB's Volkov."Overall, AI is amplifying both the scale and credibility of social engineering and fraud campaigns in the region. Organizations must evolve their detection, authentication, and awareness strategies to keep pace with this new wave of AI-driven threats," he says.Part of the increasingly threatening landscape is the result of Southeast Asian cybercriminal syndicates moving into the region. Organizations in Egypt, Morocco, Algeria, and South Africa are most frequently targeted by these cybercriminal groups. They are also using AI technologies to improve scam scripts, better manage their call center operations, and more effectively target and manipulate potential victims at the top of the fraud funnel, Volkov says.Microsoft has also seen an uptick in nation-state threats targeting organizations in the region, with more than 150 cybersecurity attacks linked to nation-state actors, including over half in Egypt, South Africa, and Ethiopia, according to Microsoft.Related:China-Nexus Actors Weaponize 'Nezha' Open Source ToolA Global Cybersecurity ApproachOrganizations and national governments are stepping up. African nations have already started to harmonize their approaches to cybersecurity across borders to include a focus on risk, promoting interoperability, and reducing duplication across borders, Microsoft's Varma says. She pointed out that the African Union's Malabo Convention — which aims to protect personal data and enhance cybersecurity — has been ratified by 15 African Union member states to date."Treat cybersecurity as a core business risk — boards and CEOs should track key metrics ... and align security controls to business risks," she says, adding that, to keep up with attackers' use of AI, organizations need to "start AI and quantum risk planning [by] assess[ing] both the benefits and risks of AI, and begin planning for post-quantum cryptography."Organizations also need to gauge their ability to understand what threats are targeting their operations and work with local and regional cybersecurity communities to share information in as near real-time as possible, says Group-IB's Volkov."Public and private sector collaboration is equally vital,," he says, "as more joint investigations between regional and international entities have proven effective, as every arrested cybercriminal can prevent thousands of future incidents while sending a powerful deterrent message to others."Read more about:DR Global Middle East & AfricaAbout the AuthorRobert Lemos, Contributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.See more from Robert Lemos, Contributing WriterMore InsightsIndustry ReportsMiercom Test Results: PA-5450 Firewall WinsSecurity Without Compromise Better security, higher performance and lower TCOThe Total Economic Impact™ Of Palo Alto Networks NextGeneration FirewallsHow Enterprises Are Harnessing Emerging Technologies in CybersecurityWorldwide Security Information and Event Management Forecast, 2025--2029: Continued Payment for One's SIEMsAccess More ResearchWebinarsThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMeasuring Ransomware Resilience: What Hundreds of Security Leaders RevealedMore WebinarsYou May Also LikeEditor's ChoiceCybersecurity OperationsElectronic Warfare Puts Commercial GPS Users on NoticeElectronic Warfare Puts Commercial GPS Users on NoticebyRobert Lemos, Contributing WriterOct 21, 20254 Min ReadKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeNov 13, 2025During this event, we'll examine the most prolific threat actors in cybercrime and cyber espionage, and how they target and infiltrate their victims.Secure Your SeatWebinarsThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterTues, Nov 18, 2025 at 1pm ESTSecuring the Hybrid Workforce: Challenges and SolutionsTues, Nov 4, 2025 at 1pm ESTCybersecurity Outlook 2026Virtual Event | December 3rd, 2025 | 11:00am - 5:20pm ET | Doors Open at 10:30am ETThreat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesTuesday, Oct 21, 2025 at 1pm ESTMeasuring Ransomware Resilience: What Hundreds of Security Leaders RevealedThu, Oct 23, 2025 at 11am ESTMore WebinarsWhite PapersThe NHI Buyers GuideThe AI Security GuideTop 10 Identity-Centric Security Risks of Autonomous AI AgentsModern DevSecOps: 6 Best Practices for AI-Accelerated SecurityThriving in the Age of AI: 6 Best Practices for Secure InnovationExplore More White PapersDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

Cybercriminals are increasingly leveraging generative AI tools to strengthen phishing, deepfake impersonation, and synthetic identity operations against African organizations, according to a Microsoft “Digital Defense Report 2025” highlighted by contributing writer Robert Lemos. The report, corroborated by threat intelligence firm Group‑IB, indicates that deepfake‑related fraud has almost tripled in the last year, especially voice‑cloning scams that benefit from AI’s ability to produce native‑sounding audio. Phishing remains the most common attack vector on the continent, but AI has boosted its effectiveness, enabling attackers to craft messages in local languages, embed cultural context, and automate outreach—resulting in 54 % click‑through rates, which is four and a half times higher than conventional phishing.

The rise of AI has dramatically shortened reconnaissance timelines: “AI‑generated content is flooding digital spaces, overwhelming traditional detection systems and enabling deepfake‑enabled fraud, voice cloning, and the creation of synthetic identities at scale,” Kerissa Varma, Microsoft’s chief security advisor for Africa, explains. In practice, synthetic identities are now employed at nearly triple the previous frequency, allowing fraudsters to bypass identity verification and target organizations with more convincing requests. Nation‑state actors are also adopting AI across entire attack chains, with Microsoft reporting over 150 cybersecurity incidents tied to nation‑state adversaries in the region, half of which are based in Egypt, South Africa, or Ethiopia.

Country‑level data show Egypt, Morocco, Algeria, and South Africa as the most frequently targeted nations. Group‑IB’s CEO Dmitry Volkov reports approximately twice as many attacks in the past year compared with the prior year. While phishing remains the most widespread threat, business email compromise (BEC) has become the most successful. BEC operations are now centered in South Africa and Nigeria, with BEC campaigns accounting for 21 % of successful attacks in Africa versus only 2 % globally; ransomware claims 16 % of successful incidents regionally. The proliferation of BEC infrastructure and money‑mule recruitment in these hubs underscores the need for tighter email authentication and fraud‑prevention controls.

Beyond traditional attacks, the report identifies an uptick in “vishing” or video‑based phishing that exploits AI‑generated voice and video to deceive financial institutions, executives, and government officials. Group‑IB’s Volkov notes that AI‑powered social engineering is expanding, allowing attackers to script convincing call center operations, manage large fraud funnels, and more effectively manipulate potential victims at the top of the funnel. The infiltration methods are now more sophisticated, with attack scripts refined by machine learning models to adapt to target responses.

The growing sophistication of African cyber threats is compounded by uneven cybersecurity investment across the continent and rapid digital transformation, creating fertile ground for both financially motivated groups and state‑linked actors. Several Southeast Asian syndicates have migrated operations into Africa, using AI to polish scam scripts and optimize call‑center workflows. The presence of these cross‑border groups adds another layer of complexity to the region’s threat environment.

In terms of mitigation, African nations have begun aligning cybersecurity efforts through initiatives like the African Union’s Malabo Convention, which aims to protect personal data and enhance overall resilience. According to Varma, the convention has been ratified by 15 member states and promotes a risk‑based approach that encourages interoperability and reduces duplication among nations. She urges boards and CEOs to treat cybersecurity as a core business risk, tracking key metrics and aligning control frameworks accordingly. Furthermore, organizations are encouraged to adopt AI‑aware strategies, assessing the dual nature of AI—its benefits and risks—and preparing for a post‑quantum cryptographic landscape.

To adapt to the AI‑driven threat wave, Lemos stresses the need for organizations to evolve detection capabilities, authentication mechanisms, and user awareness programs. This includes deploying AI‑enabled security tools capable of spotting synthetic voices or manipulated video content, enforcing multi‑factor authentication to counter BEC, and conducting continuous user training that addresses new social‑engineering techniques. Collaboration between the private and public sectors remains essential; Volkov points out that joint investigations and real‑time information sharing help dismantle cybercriminal networks and act as a deterrent. The report suggests that every apprehended cybercriminal can prevent thousands of future incidents, highlighting the importance of coordinated law enforcement actions across borders.

Overall, the article portrays a rapidly evolving cyber environment in Africa where generative AI is magnifying the scope, speed, and authenticity of attacks. It underscores that the continent’s growth in connectivity, combined with uneven security posture, is being exploited by both criminal syndicates and nation‑state actors. At the same time, emerging regional frameworks and a growing focus on cyber collaboration present opportunities for stakeholders to build more resilient defenses, particularly through advanced threat detection, robust authentication, and comprehensive, AI‑centric risk planning.