According to Security Affairs, a new report from Hunt.io reveals that a significant portion of command-and-control (C2) server activity in the Middle East is concentrated among a small number of providers, indicating a shift in how threat intelligence should be approached.The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems. This concentration challenges traditional threat intelligence that focuses on individual indicators, which attackers frequently rotate. Providers like Türk Telekom showed high malware diversity, hosting infrastructure for multiple families, while Iraq's Regxa was flagged for bulletproof hosting, linked to espionage campaigns like Eagle Werewolf.The observed malware includes common tools such as Cobalt Strike, AsyncRAT, and Mirai, alongside botnets and phishing infrastructure. This infrastructure often blends into legitimate commercial networks, making it difficult for defenders to block without impacting legitimate services. The findings emphasize that tracking infrastructure patterns offers a more stable view of attacker habits than chasing ephemeral indicators.Source: Security Affairs
Threat Intelligence
Middle East malicious infrastructure report highlights concentration of C2 servers

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



