UAE Warns of 500,000-700,000 Daily Iran-linked Cyberattacks

According to the Abu Dhabi Emergency, Crisis and Disaster Management Center's "Cybersecurity Awareness Guide During Crises," the UAE is currently facing between 500,000 and 700,000 cyberattack attempts per day, as reported by The Media Line and Gulf News. The guidance attributes a portion of the surge to hostile actors linked to Iran and to a network of proxy organisations, per The Media Line. The report and related coverage state attackers are using AI tools such as ChatGPT for reconnaissance, data collection, identifying system vulnerabilities, and generating sophisticated phishing emails and malware. The guidance also reports a 32% increase in phishing incidents in Q1 2026 and highlights the use of AI-generated audio and video deepfakes to amplify misinformation.

Per SC Media and The Cyber Express reporting, the incident set of techniques attributed to the hostile actors includes automated reconnaissance and vulnerability scanning, large-scale social engineering via AI-crafted phishing content, and use of deepfake media for disinformation campaigns. The published guidance notes the activation of the UAE National Cyber Security Operations Centre and deployment of AI-enabled defensive tools and advanced threat intelligence systems; reporting also describes national exercises and a zero-trust posture as part of the defensive posture.

Industry-pattern observations: adversaries increasingly combine large language models and generative media with commodity automation to scale classical techniques. Automated content generation lowers the marginal cost of producing convincing spear-phishing messages and enables rapid tailoring of lures at scale. Separately, synthetic audio and video reduce the friction of influence operations by producing targeted, plausible content faster than manual editing workflows.

the scale described in the UAE guidance-hundreds of thousands of daily attempts-underscores two pressures for defenders. First, defenders must invest in detection that prioritises high-risk interactions rather than inspecting every noisy event. Second, public-facing channels and critical infrastructure face amplified social engineering and misinformation risk when deepfakes and targeted phishing are used together. For security teams, this raises operational trade-offs between signal fidelity, automated blocking, and customer experience.

• •Indicators of escalation: sustained increases in credential-phishing success rates, spikes in account-takeover incidents, or confirmed compromises of critical infrastructure systems reported by national CERTs.
• •Tooling trends: wider public reporting of actor use of LLMs or commodified DDoS services tied to named proxy groups.
• •Defensive adoption: reporting on enterprise adoption of AI-based detection, expanded multi-factor authentication rollout metrics, and public-private information-sharing exercises.

Editorial analysis: organisations facing similar threat profiles typically emphasise layered controls (MFA, anomaly-based detection, email authentication like DMARC), rapid incident triage, and public awareness campaigns. The UAE guidance and SC Media reporting echo these measures and add nationwide simulation exercises and bilingual public education as mitigation steps. Observers should monitor whether incident reports shift from volumetric noise to more targeted, high-impact intrusions as adversaries refine AI-assisted workflows.