- What: Report highlights concentration of C2 servers in Middle East
- Impact: Threat actors using centralized infrastructure to evade detection
Middle East malicious infrastructure report highlights concentration of C2 servers

May 22, 2026
By SC Staff

According to Security Affairs, a new report from Hunt.io reveals that a significant portion of command-and-control (C2) server activity in the Middle East is concentrated among a small number of providers, indicating a shift in how threat intelligence should be approached.

The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems. This concentration challenges traditional threat intelligence that focuses on individual indicators, which attackers frequently rotate.

Providers like Türk Telekom showed high malware diversity, hosting infrastructure for multiple families, while Iraq's Regxa was flagged for bulletproof hosting, linked to espionage campaigns like Eagle Werewolf. The observed malware includes common tools such as Cobalt Strike, AsyncRAT, and Mirai, alongside botnets and phishing infrastructure.

This infrastructure often blends into legitimate commercial networks, making it difficult for defenders to block without impacting legitimate services. The findings emphasize that tracking infrastructure patterns offers a more stable view of attacker habits than chasing ephemeral indicators.

Source: Security Affairs
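The report's point that provider-level patterns are more stable than individual indicators can be checked on a defender's own C2 sightings. The following is an added example, not code from SC Media, Security Affairs or Hunt.io; the sightings, provider names and function names are constructed for illustration, and the IPs come from documentation ranges.

```python
from collections import defaultdict

# Constructed sample sightings: (week, c2_ip, provider, malware_family).
# Provider names are placeholders, not data from the report.
SIGHTINGS = [
    (1, "192.0.2.10", "Provider-A", "Cobalt Strike"),
    (1, "192.0.2.11", "Provider-A", "AsyncRAT"),
    (1, "192.0.2.12", "Provider-A", "Mirai"),
    (1, "198.51.100.5", "Provider-B", "AsyncRAT"),
    (1, "203.0.113.7", "Provider-C", "Mirai"),
    (2, "192.0.2.44", "Provider-A", "Cobalt Strike"),
    (2, "192.0.2.45", "Provider-A", "AsyncRAT"),
    (2, "192.0.2.11", "Provider-A", "AsyncRAT"),
    (2, "198.51.100.9", "Provider-B", "Cobalt Strike"),
    (2, "203.0.113.20", "Provider-C", "Mirai"),
]

def jaccard(a, b):
    """Overlap of two sets: 0.0 = disjoint, 1.0 = identical."""
    return len(a & b) / len(a | b) if a | b else 1.0

def provider_profile(sightings):
    """Per provider: distinct C2 IPs, share of all C2 IPs, distinct families."""
    ips, families = defaultdict(set), defaultdict(set)
    for _week, ip, provider, family in sightings:
        ips[provider].add(ip)
        families[provider].add(family)
    total = sum(len(s) for s in ips.values())
    return {p: {"servers": len(ips[p]),
                "share": len(ips[p]) / total,
                "families": len(families[p])} for p in ips}

def stability(sightings, week_a, week_b):
    """Week-to-week overlap of raw IPs vs. (provider, family) patterns."""
    def view(week, key):
        return {key(s) for s in sightings if s[0] == week}
    ip_key = lambda s: s[1]
    pattern_key = lambda s: (s[2], s[3])
    return {
        "ip_overlap": jaccard(view(week_a, ip_key), view(week_b, ip_key)),
        "pattern_overlap": jaccard(view(week_a, pattern_key),
                                   view(week_b, pattern_key)),
    }

if __name__ == "__main__":
    print(provider_profile(SIGHTINGS))
    print(stability(SIGHTINGS, 1, 2))
```

In the constructed data only one of nine IPs survives from week 1 to week 2, while half of the provider and family pairings persist, which is the kind of gap that makes provider-level tracking worth keeping alongside indicator feeds.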