Middle East Telecoms Targeted for Command-and-Control Operations

Middle East Telecoms Targeted for Command-and-Control Operations

First seen 22 May 2026, 13:58 UTC Securityaffairs.CoGbhackersCybersecuritynewsScworld 81% similarity 66.5

Article Content

Browse articles
ThreatCluster

A recent report from Hunt.io reveals that over 1,350 command-and-control (C2) servers are active across 98 providers in the Middle East, with Saudi Telecom Company (STC) responsible for over 72% of the activity. This infrastructure is often compromised customer systems, making it challenging for defenders to differentiate between legitimate and malicious traffic. The report indicates a shift in threat intelligence focus from individual indicators to infrastructure-level tracking, as attackers utilize diverse malware tools like Cobalt Strike and AsyncRAT. The findings highlight the use of trusted telecom networks as launchpads for cyberattacks, complicating defense strategies. The report emphasizes the need for a more stable view of attacker habits based on infrastructure patterns rather than ephemeral indicators. The situation poses significant challenges for cybersecurity professionals in the region.

Key Points: • Over 1,350 C2 servers identified in the Middle East, primarily through telecom providers. • Saudi Telecom Company (STC) accounts for more than 72% of regional C2 activity. • Shift in threat intelligence focus from individual indicators to infrastructure-level tracking.

ThreatCluster AI

Timeline

2026-05-22
Hunt.io report released
Hunt.io identified over 1,350 active C2 servers across 98 providers in the Middle East, indicating a concentration of malicious activity.
Gbhackers
2026-05-22
C2 infrastructure analysis published
The report revealed that STC hosts the majority of C2 servers, complicating threat detection efforts for defenders.
Security Affairs
2026-05-22
Malware tools identified
Common malware tools like Cobalt Strike and AsyncRAT were noted as part of the C2 operations leveraging telecom infrastructure.
Cybersecuritynews

Community

Browse all →