Kitten Had the Map all Along: RAISING GCC TENSIONS & THE PRE-POSITIONING MAP
ID: 2292fe6f-441f-53b9-b2ba-4681d123dc4c
STIX ID: report--2292fe6f-441f-53b9-b2ba-4681d123dc4c
Feed Name: CloudSEK Blog
**Threat Rating: Critical & Active.** This briefing attributes wide-scale pre-positioned cyber access and active operations across Jordan, UAE, Saudi Arabia, Kuwait and Israel to APT35/IRGC units (and related Iranian actors). It links the activity to leaked custom malware (BellaCiao, Sagheb RAT, Python/Webshell Framework) and exploited CVEs (ConnectWise ScreenConnect, ProxyShell, Ivanti, Telerik, Log4Shell). It provides IoCs and immediate defensive actions (block listed domains/IPs, emergency patching, hunt for webshells/Plink.exe, rotate admin credentials), and warns that the disclosure of source code plus concurrent kinetic strikes greatly elevates the risk of destructive follow-on cyber operations.
