WIP26 Abuses Cloud Infrastructure In Targeted Telco Attacks

March 2, 2023

The WIP26 threat actor targeted telecommunication providers in the Middle East with custom backdoors to gain access and exfiltrate sensitive data. Public cloud infrastructure, including Microsoft 365 Mail, Microsoft Azure, Google Firebase, and Dropbox, was used to evade detection and stay under the radar. The malware used in the operation, CMD365 and CMDEmber, relied on invalid digital signatures for defense evasion and scheduled tasks for persistence.