
Africa: Ground Zero for the Global Cyber War

  • Writer: Patrick Duggan
  • Dec 1, 2025
  • 4 min read

The Continent Under Siege - 3,286 Attacks Per Week




While the cybersecurity industry obsesses over North American and European threats, Africa has quietly become the most attacked region on the planet. According to INTERPOL's 2025 Africa Cyberthreat Assessment and Check Point's Q1 2025 report, African organizations face 3,286 attacks per organization per week, 60% higher than the global baseline.


This isn't future tense. This is happening now.


The Numbers That Should Terrify You


| Country | Weekly Attacks/Org | Key Incidents |
|---------|-------------------|---------------|
| Nigeria | 4,200 | National Bureau of Statistics hacked |
| Kenya | 3,468 | 2.54B incidents in Q1 2025, energy grid targeted |
| Ethiopia | #1 in EMEA | Highest attack volume in Europe/Middle East/Africa |
| South Africa | 22% of continent | Department of Defence breached (1.6TB lost) |


Kenya's 2.54 billion incidents in three months. That's not a typo. That's a digital war.


Who's Attacking Africa?


Ransomware Operators (The Usual Suspects)



• Devman - 28.6% of SA ransomware (dominant player)

• Everest - Top ransomware group in MEA

• Snatch - Hit SA Department of Defence, stole 1.6TB including President's contacts

• Warlock, Incransom, Arkana - Each 9.5% of observed incidents

• RansomHub, Medusa, BianLian - Healthcare, provincial government targets


The New Threat - FunkSec: FunkSec represents the terrifying future: AI-generated ransomware code, ransomware-as-a-service (RaaS) model, mass attacks at scale. They combine encryption with exfiltration - steal your data, then lock you out. Pay twice or lose everything.


Nation-State Actors


China (APT41): Kaspersky reported APT41 targeting Southern African organizations in espionage operations. Entry vector: internet-exposed web servers. Classic advanced persistent threat methodology.


Russia (GRU/SVR Affiliated): Russian cyber operators are pivoting from European targets to African entities. Why? The continent's "growing strategic importance as a geopolitical battleground."


Iran (MuddyWater, APT33, APT34/OilRig, Rocket Kitten): East and West African government systems are prime targets. Iran seeks intelligence, political leverage, and the ability to disrupt national digital services. Telecom companies in Egypt, Sudan, and Tanzania have already been compromised.


Organized Crime (The Money)


Black Axe - West African BEC syndicate running multi-million dollar fraud operations. Business Email Compromise remains the continent's most profitable cybercrime.


Why Africa? The Perfect Storm


1. Rapid digitization without proportional security investment - Digital transformation outpacing defensive capabilities
2. Governance gaps - Security controls "unevenly deployed" across the continent
3. Cybersecurity talent crisis - Only 20,000 experts for 1.4 billion people (need 100,000+)
4. Underground economy - SA data leaks, credentials, network access sold on dark forums
5. Geopolitical battleground - State actors see Africa as low-risk, high-reward theater


The Response: ANCA-CERT


The good news: Africa is organizing.



• Constitutional framework adopted February 2025

• Morocco hosting regional CERT for member states

• Smart Africa leading continental coordination

• Regional Cybersecurity Week 2025 in Rabat (September 15-19)



National CERTs:

• Morocco - DGSSI hosting African Cybersecurity Forum

• Nigeria - ngCERT protecting critical infrastructure

• Mauritius - CERT-MU securing financial sector

• Rwanda - RISA integrated with digital transformation

• Ivory Coast - CI-CERT with expanded compliance authority

• South Sudan - First CERT established early 2025


What Organizations Should Do


Immediate Actions:

1. **Assume compromise** - If you operate in Africa, you've likely been probed
2. **Monitor for Devman, Everest, FunkSec IOCs** - These are your primary ransomware threats
3. **Segment networks** - Ransomware spreads laterally
4. **Air-gap backups** - Offline, tested, ready to restore
5. **BEC training** - Black Axe succeeds because employees click


Strategic Investments:

1. **Join ANCA-CERT** - Regional threat intelligence sharing
2. **Subscribe to threat feeds** - IOC consumption at continental scale
3. **Incident response planning** - When, not if


IOC Focus: African Threat Actors



Ransomware groups:

• Devman

• Everest

• Snatch

• FunkSec (AI-powered)

• RansomHub

• Medusa

• BianLian

• Warlock

• Incransom

• Arkana



Nation-state actors:

• APT41 (China)

• MuddyWater (Iran)

• APT33/Elfin (Iran)

• APT34/OilRig (Iran)

• Rocket Kitten (Iran)

• GRU-affiliated (Russia)

• SVR-affiliated (Russia)



MITRE ATT&CK techniques:

• T1190: Exploit Public-Facing Application

• T1566: Phishing

• T1486: Data Encrypted for Impact

• T1567: Exfiltration Over Web Service

• T1078: Valid Accounts (credential theft)

• T1071: Application Layer Protocol (C2)


The Bottom Line


Africa is not a secondary target. It's ground zero for the global cyber war. With the highest attack rate in the world, nation-state interest from China, Russia, and Iran, and emerging AI-powered ransomware operators, African organizations face existential digital threats.


The 20,000 cybersecurity experts protecting 1.4 billion people are fighting a losing battle without international support, shared threat intelligence, and serious infrastructure investment.


We're adding African threat actors and IOCs to our STIX feed. Because threat intelligence shouldn't have borders.





• [INTERPOL Africa Cyberthreat Assessment Report 2025](https://www.interpol.int/content/download/23094/file/INTERPOL_Africa_Cyberthreat_Assessment_Report_2025.pdf)

• [Check Point Q1 2025 Global Cyber Attack Report](https://blog.checkpoint.com/research/q1-2025-global-cyber-attack-report-from-check-point-software-an-almost-50-surge-in-cyber-threats-worldwide-with-a-rise-of-126-in-ransomware-attacks/)

• [CYFIRMA: Cyber Threat Landscape South Africa](https://www.cyfirma.com/research/cyber-threat-landscape-south-africa/)

• [African News Agency: Africa at Centre of Global Cyber Conflict](https://africannewsagency.com/africa-at-the-centre-of-global-cyber-conflict-threats-and-strategic-vulnerabilities-in-2025/)

• [Smart Africa ANCA Announcement](https://smartafrica.org/smart-africa-adopts-its-constitution-and-5-year-strategy-for-the-african-network-of-cybersecurity-authorities-anca-to-tackle-cross-border-cybersecurity-challenges-across-the-continent/)

• [ANCA-CERT](https://anca-cert.com/)

• [Pulse Nigeria: Nigeria Faces Most Attacks Globally](https://www.pulse.ng/articles/news/technology/nigeria-cyberattack-surge-africa-global-threat-2025-2025081214140106334)






*"Threat intelligence shouldn't have borders. The IOCs flow freely."*



Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

