UAE issues warning as Iran deploys AI for cyber attacks

Cyber attacks

The Abu Dhabi Emergency, Crisis and Disaster Management Centre has issued a warning, through its recently released Cybersecurity Awareness Guide During Crises, highlighting six cyber threats it describes as the most prevalent during emergencies. Meanwhile, Dr. Mohammed Hamad Al Kuwaiti, Chairman of the UAE Government Cybersecurity Council, revealed that Iran has recently utilised artificial intelligence tools, including “ChatGPT” and others, to engineer cyberattacks targeting the UAE.

Rising AI-driven threats

Developed in collaboration with the Department of Government Enablement, the guide—published in both Arabic and English as part of the second phase of the “Our Community is Ready” campaign—outlines six major cyber threats that tend to surge during crises.

These include phishing and online fraud, account breaches, malware, identity theft and the creation of fake social media accounts, as well as AI-enabled fraud and deepfakes. Such tactics involve voice cloning, or generating fabricated images and videos that appear to originate from trusted entities or individuals, with the aim of deception or financial fraud. Data leaks through untrusted websites also remain a significant concern.

The guide aims to raise public awareness of cyber risks and promote safe digital practices, enabling individuals to protect their personal data and online accounts when using various digital services—particularly during emergencies and exceptional circumstances.

Preventive guidelines

It provides key preventive measures to mitigate cyber risks, enhance community awareness, protect individuals and institutions, and ensure business continuity.

The guide notes that cyberattacks tend to escalate during crises due to several factors, including the exploitation of fear and confusion, which makes individuals more susceptible to deception; rushed digital decision-making without proper verification; the spread of misinformation and unverified news; and increased reliance on unofficial channels for information or services.

Indicators of fraud attempts

The guide identifies several warning signs of potential fraud attempts, including urgent requests for personal information or verification codes, suspicious or unknown links, unexpected requests for money transfers, messages claiming improbable prizes or unrealistic offers, login alerts from unfamiliar devices, and unsolicited voice or video messages requesting sensitive information. It also warns against messages written in an unusual style or those that appear excessively formal, as well as impersonation of official or trusted entities.

Individuals are advised to avoid common mistakes such as clicking on unknown links, reusing passwords across multiple platforms, downloading applications from unofficial sources, uploading files or entering data on untrusted websites, sharing one-time passwords (OTP), responding hastily to suspicious messages, and resharing unverified content.

Essential crisis-time protocols

The Centre urges the public to adhere to critical guidelines during crises, including relying solely on official sources, refraining from sharing unverified information, exercising caution messages exploiting exceptional circumstances, verifying the authenticity of audio and video content before resharing, avoiding panic-driven responses, and following official cybersecurity instructions. It also cautions against using educational email accounts on public platforms, particularly gaming applications, to prevent account breaches or misuse.

The Centre emphasised that fear-inducing messages, urgent requests for information, unusual communication styles, and impersonation of official entities are common tactics used by fraudsters to pressure individuals into making rushed digital decisions.

AI-powered cyberattacks attributed to Iran

Dr. Mohammed Al Kuwaiti confirmed that artificial intelligence has become an integral component of modern cyberattack toolkits—not merely a supplementary aid. He noted that hostile actors, including Iran, are using AI for reconnaissance, data gathering, vulnerability detection, enhancing phishing messages, developing malware, and producing misleading or fabricated content to support information warfare.

He highlighted that recent attacks demonstrate a qualitative shift in cyberattack methods, with AI enabling faster, more convincing, cost-effective, and widely scalable operations.