Africa Becomes New Epicentre of Global Cyber Attacks as AI-Driven Threats Surge
Africa is facing an unprecedented escalation in cyber threats as global geopolitical tensions, advances in artificial intelligence, and the continent’s rapid digital expansion combine to create fertile ground for sophisticated attacks. According to the 2025 State of Cyber Security Report, Africa has become a central target in global cyber-espionage efforts, disinformation operations, ransomware attacks, and large-scale credential theft. Threat actors linked to China, Russia, and Iran have expanded their footprint across African networks, exploiting security gaps in both government systems and critical infrastructure.
One of the most notable developments is the expansion of Chinese state-linked cyber espionage throughout Africa. The Sharp Dragon campaign, highlighted in the report, specifically infiltrated African government institutions using Cobalt Strike beacons to burrow deep into networks, exfiltrate sensitive information, and maintain long-term covert access. This marks a significant evolution in China’s intelligence strategy on the continent, aligning with its political and economic ambitions. Other China-affiliated groups, such as Water Sigbin (8220), continued exploiting legacy systems running Oracle WebLogic, while broader Chinese operations increasingly leveraged large ORB networks—clusters of hijacked IoT devices—to target African telecom operators and government platforms.
These campaigns were not isolated to China alone. African governments were swept into wider global cyber operations originally aimed elsewhere. Iranian and Russian-affiliated espionage groups extended their activities to African ministries, communication bodies, and critical infrastructure in order to harvest intelligence, disrupt public systems, and secure long-term access inside national networks. This makes Africa a significant arena in the broader geopolitical cyber struggle between global powers.
At the same time, the continent has become increasingly vulnerable to AI-driven disinformation, especially during election periods. With more than 15 African elections taking place between 2023 and 2024, foreign actors deployed deepfake videos, fabricated media, fake social accounts, and divisive political messaging to manipulate public opinion. The report notes that AI tools were used in at least one-third of global elections, including those in Africa, amplifying ethnic, political, and social tensions—particularly in West and East African nations. This trend mirrors global patterns in which Russia and China deploy bots and synthetic media to influence voter behaviour and destabilize democratic processes.
Ransomware attacks are also on the rise, particularly against Africa’s already-strained healthcare systems and public institutions. With many organizations operating on limited cyber budgets and outdated security tools, attackers increasingly opt for data-theft extortion rather than full system encryption. Groups such as RansomHub, BianLian, Qilin, and Medusa have been linked to breaches in Africa, stealing medical records, government data, and internal communications before threatening to leak them unless paid. This approach not only compromises sensitive information but also erodes public confidence in essential services.
Another major concern highlighted in the report is the rapid spread of infostealers across the continent. These malicious tools—designed to capture passwords, session cookies, crypto wallets, and cloud login details—have become a widespread threat as they overwhelmingly infect personal devices. With more than 70% of compromised devices globally being personal rather than corporate, African businesses are left exposed when attackers reuse stolen credentials to infiltrate corporate systems. Infostealers such as Lumma, RedLine, StealC, and Atlantida are being sold cheaply on dark-web markets and have been used to breach African fintech platforms, telecom systems, and government portals.
Hacktivist groups have also intensified their operations against African governments, especially those with strong ties to Western nations or international organizations. Many of these groups, though posing as independent activists, are aligned with Iranian or Russian state interests. Their activities range from website defacement and data leaks to the deployment of destructive malware meant to disrupt public operations and send political messages. This positions Africa at the intersection of global ideological and political cyber conflicts.
Critical infrastructure—particularly the telecom sector—is now a priority target for state-backed actors seeking strategic advantage. Chinese-linked groups such as Salt Typhoon and Volt Typhoon have been observed attacking global telecommunications providers, including those servicing African markets. Their aim is often to intercept traffic, harvest metadata, or establish persistent surveillance points within backbone networks, posing severe risks to national security and economic stability across the continent.
Overall, the report signals a clear shift: Africa is no longer on the periphery of global cyber operations but at the heart of them. The continent’s growing geopolitical relevance, rapid digital transformation, expanding fintech ecosystem, and widespread cloud adoption—combined with weak or outdated security controls—have made it an attractive battlefield for cyber actors. The most pressing threats for Africa in 2025 include state-sponsored espionage, AI-driven election interference, ransomware attacks on hospitals and government agencies, widespread infostealer infections, supply-chain breaches, and deep infiltration of telecom networks. The report concludes that African nations must now treat cyber threats as national-security issues rather than isolated IT problems, as the stakes continue to grow across governments, businesses, and society.

