Threat Intelligence

Middle East malicious infrastructure report highlights concentration of C2 servers

According to Security Affairs, a new report from Hunt.io reveals that a significant portion of command-and-control (C2) server activity in the Middle East is concentrated among a small number of providers, indicating a shift in how threat intelligence should be approached.

The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems. This concentration challenges traditional threat intelligence that focuses on individual indicators, which attackers frequently rotate. Providers like Türk Telekom showed high malware diversity, hosting infrastructure for multiple families, while Iraq's Regxa was flagged for bulletproof hosting, linked to espionage campaigns like Eagle Werewolf.

The observed malware includes common tools such as Cobalt Strike, AsyncRAT, and Mirai, alongside botnets and phishing infrastructure. This infrastructure often blends into legitimate commercial networks, making it difficult for defenders to block without impacting legitimate services. The findings emphasize that tracking infrastructure patterns offers a more stable view of attacker habits than chasing ephemeral indicators.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds