Arabian Internet & Communications Services Co. Ltd.

Arabian Internet & Communications Services Co. Ltd. (AICS) operates as a telecommunications and internet service provider headquartered in Saudi Arabia. The company delivers core communications infrastructure and internet access services to its customer base, functioning within the competitive landscape of the regional ISP market. Its business activities encompass the provision of network connectivity and related telecommunications solutions, placing it among the entities responsible for maintaining digital communication channels within its operational territory. The company is known by several registered aliases, including Arabian Internet & Communications Services Co.ltd., AICS Co.ltd., and AICS Co. Ltd., reflecting its formal corporate structure. As a Saudi Arabian-based entity, its services are primarily oriented toward the domestic market, though the specific geographic reach beyond national borders is not detailed in available records. The firm's positioning is that of a standard participant in the internet service provision sector, without publicly documented specializations or unique regulatory mandates beyond the standard operational licenses required for such businesses in the region.

In January 2020, AICS was publicly identified as a victim of a sophisticated cyber intrusion attributed to a Hezbollah-affiliated threat actor, Lebanese Cedar. The attack commenced with the exploitation of vulnerabilities in internet-facing servers running Atlassian and Oracle software, which the attackers used to deploy web shells for persistent access. Following initial compromise, the threat actors moved laterally into internal networks, deploying the Explosive RAT malware to exfiltrate sensitive data. The stolen information included customer databases and private company documents, specifically telecommunications call records. This incident was not isolated; it was part of a broader, coordinated campaign that targeted multiple telecommunications companies and internet service providers across several countries. The primary objective of the campaign was intelligence gathering through the theft of proprietary and customer data. Security researchers were able to link these attacks to Lebanese Cedar based on the reuse of specific tools, tactics, and infrastructure across the various intrusions, which also revealed the widespread compromise of similar server technologies at numerous organizations globally. The event underscores the vulnerability of the telecommunications sector to state-aligned threat actors seeking to harvest communications data.