Securityaffairs.Co
Middle East Telecoms Targeted for Command-and-Control Operations
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A recent report from Hunt.io reveals that over 1,350 command-and-control (C2) servers are active across 98 providers in the Middle East, with Saudi Telecom Company (STC) responsible for over 72% of the activity. This infrastructure is often compromised customer systems, making it challenging for defenders to differentiate between legitimate and malicious traffic. The report indicates a shift in threat intelligence focus from individual indicators to infrastructure-level tracking, as attackers utilize diverse malware tools like Cobalt Strike and AsyncRAT. The findings highlight the use of trusted telecom networks as launchpads for cyberattacks, complicating defense strategies. The report emphasizes the need for a more stable view of attacker habits based on infrastructure patterns rather than ephemeral indicators. The situation poses significant challenges for cybersecurity professionals in the region.
Key Points: • Over 1,350 C2 servers identified in the Middle East, primarily through telecom providers. • Saudi Telecom Company (STC) accounts for more than 72% of regional C2 activity. • Shift in threat intelligence focus from individual indicators to infrastructure-level tracking.