Government and industry reporting highlighted ransomware and hybrid cyber activity increasingly intersecting with geopolitical conflict and critical infrastructure risk. The UAE Cyber Security Council said it thwarted a ransomware operation targeting the country’s “digital infrastructure and vital sectors,” describing attempted network intrusions, ransomware deployment, and phishing, and alleging the use of AI-enabled tooling to increase sophistication; the statement did not attribute the activity publicly but came amid broader reporting on Iran-linked cyber pressure against the UAE. In Romania, the head of the National Cybersecurity Directorate warned that recent ransomware incidents affecting critical services (including the national water agency and energy providers) appear systematic and aligned with Russian strategic interests, with attacks claimed by or attributed to Russian-speaking groups including Qilin and Gentlemen.
Separately, Air Côte d’Ivoire confirmed a cyberattack impacting parts of its information system after the INC ransomware group claimed theft of 208 GB of data and threatened publication if a ransom was not paid; the airline said it notified regulators (including France’s ANSSI) and engaged national and international incident response support. Broader sector analysis reported manufacturing as a leading ransomware target due to interconnected IT/OT environments, legacy systems, and high downtime costs, with surveys indicating a significant portion of manufacturers paid ransoms in 2025 and median payments around $1M. Strategic context reporting assessed Russia is likely to escalate coordinated hybrid warfare (cyber, influence, sabotage) against NATO members, while public-opinion polling in several NATO countries showed majorities view disruptive cyberattacks on hospitals or power grids as potential acts of war—underscoring rising expectations for stronger state responses to such campaigns.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
In its 2026-02-24 statement, the UAE Cyber Security Council characterized the attempted ransomware campaign as 'of a terrorist nature' and said the attackers used artificial intelligence to develop more sophisticated offensive tools. The claim was presented amid broader concerns about alleged Iran-linked cyber activity targeting the UAE.
On 2026-02-24, the UAE said it stopped a ransomware incident targeting the country's digital infrastructure and vital sectors. The UAE Cyber Security Council said the activity involved intrusion attempts, ransomware deployment efforts, and systematic phishing against national platforms.
Ukraine, Moldova, and Romania signed a memorandum in Kyiv to strengthen regional cooperation against Russian cyber threats. The agreement was reported in the context of growing warnings about Moscow-linked cyber activity across the region.
On 2026-02-23, Romania's top cybersecurity official said recent ransomware attacks on the country's critical infrastructure, including the national water agency and energy providers, likely formed part of a broader Russian hybrid campaign. He said some incidents were claimed by or attributed to Russian-speaking groups such as Qilin and Gentlemen and appeared to coincide with Romanian political decisions and support for Ukraine.
On 2026-02-23, Air Côte d'Ivoire publicly confirmed the cyberattack and said it had notified France's ANSSI and Côte d'Ivoire's regulator ARTCI. It also said CI-CERT and international experts were investigating the scope of any data breach and potential impact on providers, passengers, and employees.
Following the February 8 incident, the INC ransomware gang claimed responsibility for the attack on Air Côte d'Ivoire, alleging it stole 208 GB of data. The group threatened to publish the data unless a ransom was paid by 2026-02-24.
On 2026-02-08, Air Côte d'Ivoire said a cyberattack affected parts of its information system, prompting business continuity measures and the involvement of technical teams to maintain flight and operational continuity. The airline later said flight operations remained stable and compliant with safety standards.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
therecord.media
Open sourcetherecord.media
Open sourcetherecord.media
Open sourcetechtarget.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.