- A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle East.
- SentinelLabs assesses that WIP26 is likely espionage-related.
- WIP26 relies heavily on public cloud infrastructure to evade detection by making malicious traffic look legitimate.
- WIP26 involves the use of backdoors, titled CMD365 and CMDEmber, which abuse Microsoft 365 Mail and Google Firebase services for C2 purposes.
- WIP26 also involves the use of Microsoft Azure and Dropbox instances as