Researcher Aleksandr Kalinin said card owners in Bahrain, Kuwait, the United Arab Emirates, Saudi Arabia, Qatar and the Sultanate of Oman had been affected.
"The stolen payment card data is often put up for sale on underground forums or used in further fraudulent activities," Kalinin, the head of Group-IB's Computer Emergency Response Team, said.
"[The] Group-IB Threat Intelligence team continuously analyses compromised cards data all over the world. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8 million payment cards were uploaded to card shops monthly."
"Credentials were not leaked from government systems, which are most likely safe and secure, but from the individuals who used them for personal purposes," said Kalinin.
"However, with the credentials from government websites, hackers can not only obtain classified information, but also infiltrate government networks and maintain presence while remaining unnoticed for long periods.
Group-IB said special spyware may have been used to steal user credentials – form-grabbers and keyloggers, such as Pony Formgrabber and AZORult.
The Persian Gulf region was in the spotlight recently, when a Reuters report detailed how the UAE used the services of a group of American hackers to track Al Jazeera officials and other Arab media personalities.
And last year, iTWire reported that British spyware company Gamma Group was facing legal action from four Bahrainis who claimed the company knowingly sold its wares to the Bahraini Government knowing that it would be used to crack down on dissidents like them during the Arab spring of 2011.
Yaqoob Al-Awadhi, chief executive of global system integrator NGN International, said the financial theft online had gone up significantly from 2017 to 2018.
"The attacks lately have evolved a lot as attackers are beginning to use artificial intelligence and machine learning to bypass the defence, attempting what is known as ‘low-and-slow’ attacks," he explained.
"What is important is that successful struggle with such cyber attacks is possible. It is extremely important to react to them in time and correctly, as well as to build a competent comprehensive protection system in advance."