
Hackers Exploit Middle East Telecoms for Massive C2 Operations

ID: d0bac5b2-4759-5889-8dc4-45d006f9a1d0

STIX ID: report--d0bac5b2-4759-5889-8dc4-45d006f9a1d0

Feed Name: GBHackers

Threat Score: 75/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: Mayura Kathir

The Hunt.io report finds that attackers are extensively abusing Middle Eastern telecom and hosting providers to host large-scale C2 infrastructure: 1,357 C2 servers across 98 providers, with Saudi Telecom Company accounting for the majority. This infrastructure supports both commodity botnets and advanced post-exploitation tools (e.g., Cobalt Strike, Sliver) and enables ransomware, cryptomining, and espionage campaigns. The report recommends prioritizing infrastructure- and provider-level tracking (ASNs, hosting patterns) to proactively detect and disrupt operations.
