SaudiNet

SaudiNet, also known as SaudiNet ISP, is an internet service provider headquartered in Saudi Arabia. The organisation operates within the telecommunications sector, delivering internet connectivity services to its customer base. Its core function involves providing access to the internet, a fundamental utility for residential, commercial, and institutional clients within its operational territory. The company's infrastructure and services position it as a key component of the nation's digital connectivity landscape, facilitating online communication and data transmission for its subscribers.

In January 2020, SaudiNet was identified as one of multiple telecommunications providers and internet service providers compromised in a widespread cyber campaign. The attack was attributed to a Hezbollah-affiliated threat actor designated as Lebanese Cedar. The initial intrusion exploited vulnerabilities in internet-facing servers running Atlassian and Oracle software. Following successful exploitation, the attackers deployed web shells on the compromised systems to establish and maintain persistent access. This access was subsequently leveraged to deploy the Explosive RAT malware, a tool used for remote control and data theft. The primary objective of the operation was intelligence gathering, with the exfiltration of sensitive databases likely containing client call records and private customer information. Security researchers linked the activity to the Lebanese Cedar group through analysis of tool reuse, specific operational fingerprints, and overlaps in command-and-control infrastructure observed across compromised servers in various countries. This incident highlights the sector-specific threat faced by telecommunications entities from sophisticated, geopolitically motivated threat actors.