Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTogether, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificAfrica becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises.October 29, 2025Cybercriminals are increasingly adopting AI to fuel their attacks against African organizations, using the technology to boost the effectiveness of phishing campaigns and execute impersonation attacks using deepfakes, experts say.Overall, deepfake-related fraud has nearly tripled in the past year, with voice scams driving the growth in generative AI attacks, according to threat intelligence firm Group-IB. Meanwhile, phishing is the most common attack against African organizations, with attackers using AI to produce native-sounding messages and automate campaigns to achieve a 54% click-through rate — 4.5 times higher than traditional methods, according to Microsoft.Attackers are using AI to craft phishing messages in regional languages with appropriate cultural contexts, impersonating trusted individuals and exploiting familiar platforms, says Kerissa Varma, chief security advisor for Africa at Microsoft."Africa is increasingly being targeted by identity-based and AI-driven threats — and AI has significantly reduced the time attackers need for reconnaissance," she says. "AI-generated content is flooding digital spaces, overwhelming traditional detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale."Related:MuddyWater Targets 100+ Gov Entities in MEA With Phoenix BackdoorOverall, both companies have seen attacks climb quickly in the region, with attackers increasingly integrating AI into the attack pipeline. The use of synthetic identities to bypass verification checks has nearly tripled, while nation-states have adopted AI throughout their operations, Microsoft stated in its "Digital Defense Report 2025" published in mid-October.Egypt, Morocco, Algeria, and South Africa remain the top four countries most frequently targeted by attackers, according to Group-IB. The number of detected attacks has roughly doubled in the past year, says Dmitry Volkov, CEO of the threat intelligence firm."Overall, we're seeing a clear convergence of financially motivated groups and state-linked actors operating in the region, taking advantage of rapid digital transformation, uneven cybersecurity investment, and regional connectivity growth," he says.While phishing is the most prevalent threat affecting organizations in Africa, business email compromise (BEC) has become the most successful, with both South Africa and Nigeria becoming hubs for BEC infrastructure and money-mule recruitment, Microsoft stated in its report. BEC attacks account for just 2% of observed threats worldwide, but 21% of the successful attacks in Africa are variants of the attack, the company stated. Ransomware accounts for 16% of successful attacks.Related:Asian Nations Ramp Up Pressure on Cybercrime 'Scam Factories' A map showing that a great deal of business e-mail compromise (BEC) campaigns come out of four countries in the Africa region. Source: Microsoft "Digital Defense Report 2025"AI has also contributed to increased popularity of social engineering attacks against businesses in the Middle East and parts of Africa, with video-based phishing — "vishing" —  attacks leveraging AI technologies to pose serious risks to financial institutions, executives, and government officials, says Group-IB's Volkov."Overall, AI is amplifying both the scale and credibility of social engineering and fraud campaigns in the region. Organizations must evolve their detection, authentication, and awareness strategies to keep pace with this new wave of AI-driven threats," he says.Part of the increasingly threatening landscape is the result of Southeast Asian cybercriminal syndicates moving into the region. Organizations in Egypt, Morocco, Algeria, and South Africa are most frequently targeted by these cybercriminal groups. They are also using AI technologies to improve scam scripts, better manage their call center operations, and more effectively target and manipulate potential victims at the top of the fraud funnel, Volkov says.Microsoft has also seen an uptick in nation-state threats targeting organizations in the region, with more than 150 cybersecurity attacks linked to nation-state actors, including over half in Egypt, South Africa, and Ethiopia, according to Microsoft.Related:China-Nexus Actors Weaponize 'Nezha' Open Source ToolOrganizations and national governments are stepping up. African nations have already started to harmonize their approaches to cybersecurity across borders to include a focus on risk, promoting interoperability, and reducing duplication across borders, Microsoft's Varma says. She pointed out that the African Union's Malabo Convention — which aims to protect personal data and enhance cybersecurity — has been ratified by 15 African Union member states to date."Treat cybersecurity as a core business risk — boards and CEOs should track key metrics ... and align security controls to business risks," she says, adding that, to keep up with attackers' use of AI, organizations need to "start AI and quantum risk planning [by] assess[ing] both the benefits and risks of AI, and begin planning for post-quantum cryptography."Organizations also need to gauge their ability to understand what threats are targeting their operations and work with local and regional cybersecurity communities to share information in as near real-time as possible, says Group-IB's Volkov."Public and private sector collaboration is equally vital,," he says, "as more joint investigations between regional and international entities have proven effective, as every arrested cybercriminal can prevent thousands of future incidents while sending a powerful deterrent message to others."Read more about:Robert Lemos, Contributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.2025 DigiCert DDoS Biannual ReportDigiCert RADAR - Risk Analysis, Detection & Attack ReconnaissanceThe Total Economic Impact of DigiCert ONEIDC MarketScape: Worldwide Exposure Management 2025 Vendor AssessmentThe Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesYou May Also LikeNov 13, 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesPKI Modernization WhitepaperEDR v XDR v MDR- The Cybersecurity ABCs ExplainedHow to Chart a Path to Exposure Management MaturitySecurity Leaders' Guide to Exposure Management StrategyThe NHI Buyers GuideCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.