WIP26 attacks Middle Eastern telecom service providers

Threat Level
Actor Report

Summary

The newly discovered WIP26 threat cluster is an espionage-focused group that has been concentrating on infiltrating Middle Eastern telecom companies. To evade detection, the group relies heavily on public cloud infrastructure to make its malicious communication appear legitimate. It also uses the CMD365 and CMDEmber backdoors to gain access to its targets' networks.