all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

Add to bookmarks
Feb. 16, 2023, 11:01 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Aleksandar Milenkoski, Collin Farr, and Joey Chen, in collaboration with QGroup


Executive Summary



  • A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle East.

  • We assess it is likely that WIP26 is espionage-related.

  • WIP26 relies heavily on public Cloud infrastructure in an attempt to evade detection by making malicious traffic look legitimate.

  • WIP26 involves the use of backdoors, dubbed CMD365 and CMDEmber, which abuse Microsoft 365 Mail and Google Firebase services for C2 …

abuse attacks backdoors chen cloud cloud infrastructure cluster cmd365 collaboration detection espionage executive infrastructure making malicious malware analysis middle east public public cloud public cloud infrastructure qgroup targeting telco telecommunication telecommunication providers threat threat actors traffic wip26

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

The who, where, and how of APT attacks – Week in security with Tony Anscombe 3 hours ago | malware.news
apt article attacks campaigns +11
Leveling the cybersecurity playing field 8 hours ago | malware.news
article blumira cybersecurity entry +4
Hardware cybersecurity leader, Flexxon, introduces Server Defender 8 hours ago | malware.news
advanced article cybersecurity defender +8
Automated pentesting in the cloud 8 hours ago | malware.news
article automated challenge cloud +10
How to revamp your cybersecurity in the middle of the chaos 8 hours ago | malware.news
article attackers chaos cybersecurity +8
6K-plus AI models may be affected by critical RCE vulnerability 10 hours ago | malware.news
ai models article attacks critical +14
Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023 11 hours ago | malware.news
article attacks link media +6
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387 12 hours ago | malware.news
amp article cisa deepfakes +8
Exploring Adlumin's Impactful Role in SMB Cybersecurity with CEO Robert Johnson and NightDragon's Dave DeWalt 13 hours ago | malware.news
2024 rsa conference adlumin ceo challenges +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

IT Security Engineer

@ People Profilers | Singapore, Singapore, Singapore
View on infosec-jobs.com

Consultant - DFIR - EMEA (SA)

@ Control Risks | Johannesburg, Gauteng, South Africa
View on infosec-jobs.com

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France
View on infosec-jobs.com