Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
ID: 6090c0f2-4cbd-599a-9ec1-92c1b51b06f3
STIX ID: report--6090c0f2-4cbd-599a-9ec1-92c1b51b06f3
Feed Name: Hunt.io Blog
This Host Radar analysis summarizes three months of telemetry (1 Feb–1 May 2026) tying 1,350+ active C2 servers and 1,459 malicious artifacts to 98 Middle Eastern infrastructure providers across 14 countries, showing heavy concentration (72% of C2s) in one major telecom (STC). The report profiles dominant malware families (IoT botnets, RMM abuse, offensive frameworks), highlights providers hosting the widest malware diversity, and documents multiple active campaigns and APT-linked operations (espionage, destructive wipers, phishing and exploit activity) to argue defenders should prioritize provider- and ASN-level tracking over disposable indicators.
