{"id":219501,"date":"2026-05-25T03:20:06","date_gmt":"2026-05-25T07:20:06","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/25\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure\/"},"modified":"2026-05-25T03:20:08","modified_gmt":"2026-05-25T07:20:08","slug":"one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/25\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure\/","title":{"rendered":"One Telecom Provider Hosted Most of the Middle East\u2019s Active C2 Infrastructure"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192518\/hacking\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure.html\">One Telecom Provider Hosted Most of the Middle East\u2019s Active C2 Infrastructure<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192518\/hacking\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure.html\">https:\/\/securityaffairs.com\/192518\/hacking\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure.html<\/a><\/p>\n<p>Publish Date: 2026-05-22 03:29:37<\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>A recent report by Hunt.io mapping over 1,350 command-and-control (C2) servers in the Middle East illustrates how a small number of telecommunications providers dominate the region&#8217;s malicious infrastructure. Saudi Telecom Company (STC) hosted the most C2 servers, accounting for over 72% of the region&#8217;s C2 servers, suggesting an alarming level of centralized command infrastructure. 
The findings indicate that a select group of providers, including STC, ServerTech FZCO (UAE), OMC (Israel), T\u00fcrk Telekom, and Regxa (Iraq), accounts for a disproportionately large share of C2 infrastructure, and that these hosting patterns are more stable and enduring than the often-volatile malware samples. Monitoring providers rather than shifting targets offers defenders a more effective way to identify and mitigate threats. The blending of malicious and legitimate infrastructure further complicates defensive efforts, as blocking suspected providers outright could have operational repercussions because lawful users share the same networks.<\/p>\n<p>Key Points:<\/p>\n<p>&#8211; A single telecom provider, STC, hosts more than 72% of Middle Eastern C2 servers, highlighting the extreme concentration of malware infrastructure in the region.<br \/>\n&#8211; Infrastructure-level tracking is more effective than focusing on rotating indicators, since hosting patterns persist much longer than individual malware.<br \/>\n&#8211; Key providers not only host a high volume of C2 servers but also varied types of malicious infrastructure, which indicates that attackers broadly reuse commercial networks.<br \/>\n&#8211; Defenders should prioritize tracking consistent provider patterns rather than short-lived malware to enhance security monitoring.<br \/>\n&#8211; Much of the malicious infrastructure is embedded in legitimate environments, which complicates comprehensive blocking strategies because of overlapping legitimate user bases.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One Telecom Provider Hosted Most of the Middle East\u2019s Active C2 Infrastructure https:\/\/securityaffairs.com\/192518\/hacking\/one-telecom-provider-hosted-most-of-the-middle-east-s-active-c2-infrastructure.html 
Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219502,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-63.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32],"class_list":["post-219501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219501"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219501"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219501\/revisions"}],"predecessor-version":[{"id":219505,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219501\/revisions\/219505"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219502"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}