AI-Powered Attacks Surge Across Africa

Cybercriminals are increasingly adopting AI to fuel their attacks against African organizations, using the technology to boost the effectiveness of phishing campaigns and execute impersonation attacks using deepfakes, experts say.

Overall, deepfake-related fraud has nearly tripled in the past year, with voice scams driving the growth in generative AI attacks, according to threat intelligence firm Group-IB. Meanwhile, phishing is the most common attack against African organizations, with attackers using AI to produce native-sounding messages and automate campaigns to achieve a 54% click-through rate — 4.5 times higher than traditional methods, according to Microsoft.

Attackers are using AI to craft phishing messages in regional languages with appropriate cultural contexts, impersonating trusted individuals and exploiting familiar platforms, says Kerissa Varma, chief security advisor for Africa at Microsoft.

“Africa is increasingly being targeted by identity-based and AI-driven threats — and AI has significantly reduced the time attackers need for reconnaissance,” she says. “AI-generated content is flooding digital spaces, overwhelming traditional detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale.”

Related:MuddyWater Targets 100+ Gov Entities in MEA With Phoenix Backdoor

Overall, both companies have seen attacks climb quickly in the region, with attackers increasingly integrating AI into the attack pipeline. The use of synthetic identities to bypass verification checks has nearly tripled, while nation-states have adopted AI throughout their operations, Microsoft stated in its “Digital Defense Report 2025” published in mid-October.

Egypt, Morocco, Algeria, and South Africa remain the top four countries most frequently targeted by attackers, according to Group-IB. The number of detected attacks has roughly doubled in the past year, says Dmitry Volkov, CEO of the threat intelligence firm.

“Overall, we’re seeing a clear convergence of financially motivated groups and state-linked actors operating in the region, taking advantage of rapid digital transformation, uneven cybersecurity investment, and regional connectivity growth,” he says.

Cybercrime Hubs in Nigeria and South Africa

While phishing is the most prevalent threat affecting organizations in Africa, business email compromise (BEC) has become the most successful, with both South Africa and Nigeria becoming hubs for BEC infrastructure and money-mule recruitment, Microsoft stated in its report. BEC attacks account for just 2% of observed threats worldwide, but 21% of the successful attacks in Africa are variants of the attack, the company stated. Ransomware accounts for 16% of successful attacks.

Related:Asian Nations Ramp Up Pressure on Cybercrime ‘Scam Factories’

A map showing that a great deal of business e-mail compromise (BEC) campaigns come out of four countries in the Africa region. Source: Microsoft “Digital Defense Report 2025”

AI has also contributed to increased popularity of social engineering attacks against businesses in the Middle East and parts of Africa, with video-based phishing — “vishing” —  attacks leveraging AI technologies to pose serious risks to financial institutions, executives, and government officials, says Group-IB’s Volkov.

“Overall, AI is amplifying both the scale and credibility of social engineering and fraud campaigns in the region. Organizations must evolve their detection, authentication, and awareness strategies to keep pace with this new wave of AI-driven threats,” he says.

Part of the increasingly threatening landscape is the result of Southeast Asian cybercriminal syndicates moving into the region. Organizations in Egypt, Morocco, Algeria, and South Africa are most frequently targeted by these cybercriminal groups. They are also using AI technologies to improve scam scripts, better manage their call center operations, and more effectively target and manipulate potential victims at the top of the fraud funnel, Volkov says.

Microsoft has also seen an uptick in nation-state threats targeting organizations in the region, with more than 150 cybersecurity attacks linked to nation-state actors, including over half in Egypt, South Africa, and Ethiopia, according to Microsoft.

Related:China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool

A Global Cybersecurity Approach

Organizations and national governments are stepping up. African nations have already started to harmonize their approaches to cybersecurity across borders to include a focus on risk, promoting interoperability, and reducing duplication across borders, Microsoft’s Varma says. She pointed out that the African Union’s Malabo Convention — which aims to protect personal data and enhance cybersecurity — has been ratified by 15 African Union member states to date.

“Treat cybersecurity as a core business risk — boards and CEOs should track key metrics … and align security controls to business risks,” she says, adding that, to keep up with attackers’ use of AI, organizations need to “start AI and quantum risk planning [by] assess[ing] both the benefits and risks of AI, and begin planning for post-quantum cryptography.”

Organizations also need to gauge their ability to understand what threats are targeting their operations and work with local and regional cybersecurity communities to share information in as near real-time as possible, says Group-IB’s Volkov.

“Public and private sector collaboration is equally vital,,” he says, “as more joint investigations between regional and international entities have proven effective, as every arrested cybercriminal can prevent thousands of future incidents while sending a powerful deterrent message to others.”