A cyber espionage campaign targeting sensitive institutions in Libya has been uncovered, raising concerns about the security of critical systems across the country.
According to a report by a cybersecurity platform, the attacks affected an oil refinery, a telecommunications organization, and a government body over a period from November 2025 to February 2026.
The report states that attackers used a vulnerability linked to the remote access malware AsyncRAT to gain entry into internal networks.
This allowed them to maintain access for an extended period without detection. Experts believe phishing emails were the main method used to deliver malicious files and compromise systems.
After gaining access, the attackers placed misleading files within the networks. These files appeared connected to ongoing political and social developments in Libya, which helped distract users and conceal malicious activity. This method allowed the attackers to operate quietly while collecting information and monitoring systems over several months.
Security analysts say the scale and duration of the campaign suggest the involvement of a well-organized group, possibly with state backing. However, no specific source has been identified, and investigations are still ongoing to determine who is responsible.
The incident points to serious weaknesses in the protection of Libya’s vital sectors, particularly energy, telecommunications, and government institutions. These sectors are frequent targets because of the sensitive data they store and their importance to national operations.
