Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

Malaysian government-linked campaign used hidden infrastructure for years

A suspected Malaysian state-sponsored espionage campaign has maintained long-term, hidden command and control infrastructure by using servers that respond selectively based on connection type or protocol, rendering them invisible to standard internet scans. Concurrently, threat actors are increasingly abusing trusted cloud platforms like Cloudflare to host malicious payloads, leveraging their legitimacy to bypass security filters. This represents a broader trend of adversaries using infrastructure that blends into normal traffic to evade detection.

Threat Intelligence

May 18, 2026

By SC Staff

A campaign linked to a suspected Malaysian government operation has been using hidden command and control infrastructure for years, according to new findings from Oasis Security. Researchers said the activity points to a long-running espionage effort that stayed active by masking backend systems and limiting exposure to public scanning tools, as reported by HackRead.

The operation, believed to be a long-term espionage effort, has maintained its command and control infrastructure for several years by employing sophisticated techniques to avoid detection. These methods include making servers respond differently based on the type of connection, or only being accessible through specific protocols, rendering them invisible to standard internet scans. This carefully managed infrastructure shows patterns commonly associated with state-backed operations and has links to government-related networks in Malaysia. While specific targets were not disclosed, the activity is focused on intelligence gathering.

Concurrently, threat actors are increasingly abusing trusted cloud platforms like Cloudflare to host malicious payloads and phishing materials, leveraging the inherent trust in these services to bypass security filters. This trend signifies a broader shift towards using infrastructure that blends into normal internet traffic, making it harder for organizations to detect and respond to cyber threats.

Source: HackRead
