WIP26 Abuses Cloud Infrastructure In Targeted Telco Attacks
The WIP26 threat actor targeted telecommunication providers in the Middle East with custom backdoors to gain access and exfiltrate sensitive data.
Public cloud infrastructure, including Microsoft 365 Mail, Microsoft Azure, Google Firebase and Dropbox, was used to evade detection and stay under the radar.
The malware used in the operation, CMD365 and CMDEmber, relied on invalid digital signatures for defense evasion and on scheduled tasks for persistence.
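An added defender-side example, not taken from the original report: a PowerShell hunt that lists scheduled tasks whose action executable carries an invalid or missing Authenticode signature, which is the persistence-plus-evasion pairing attributed to CMD365 and CMDEmber above. It assumes a Windows host with the built-in ScheduledTasks module and runs with the rights of the current user.

```powershell
# Added example (not from the original post): enumerate scheduled tasks and
# flag those whose executable fails Authenticode validation.
# Assumes Windows 8 / Server 2012 or later (ScheduledTasks module present).
$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "Exec" actions carry an executable to verify
        if (-not $action.Execute) { continue }
        # Expand %SystemRoot%-style variables and strip surrounding quotes
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # Bare names such as cmd.exe resolve through PATH
        if (-not [IO.Path]::IsPathRooted($exe)) {
            $resolved = Get-Command $exe -ErrorAction SilentlyContinue
            if ($resolved) { $exe = $resolved.Source }
        }
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $exe
        # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is reported
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                TaskPath   = $task.TaskPath
                TaskName   = $task.TaskName
                Executable = $exe
                SigStatus  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                Arguments  = $action.Arguments
            }
        }
    }
}
$findings | Sort-Object SigStatus, TaskPath | Format-Table -AutoSize
```

Expect some baseline noise from unsigned third-party installers; the entries worth triage are HashMismatch or NotTrusted statuses, and unsigned binaries living in user-writable paths such as AppData or Temp.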