Mobily
| Primary URL | Location | Industry |
|---|---|---|
| www[.]mobily[.]com[.]sa | Country: Saudi Arabia | Telecommunications |

Profile
Mobily is a telecommunications provider and internet service provider headquartered in Saudi Arabia. It delivers a suite of communication services to both individual and corporate customers. These services encompass voice telephony, broadband internet, and data networking solutions. The company operates a network infrastructure that supports connectivity across the kingdom. Its customer base includes residential users, businesses, and government agencies. As a critical component of Saudi Arabia's digital ecosystem, Mobily facilitates connectivity and digital transformation. The company adheres to national telecom regulations and licensing requirements.
In January 2020, Mobily became a victim of a cyberattack attributed to the Hezbollah-linked group Lebanese Cedar. The threat actors exploited vulnerabilities in internet-facing Atlassian and Oracle products to breach the company's perimeter. Once inside, they deployed web shells such as ASPXSpy and a custom remote access trojan named Explosive RAT to infiltrate internal networks and exfiltrate data. The operation resulted in the theft of sensitive databases containing customer call records and private information. Security researchers attributed the campaign to Lebanese Cedar based on reused attack tools and operational patterns observed across more than 250 compromised servers globally. The breach demonstrated the group's capability to target high-value telecommunications assets across multiple countries. It also highlighted the risks associated with unpatched enterprise software exposed to the internet.
The breach of Mobily's systems was part of a broader campaign targeting telecom providers for intelligence collection. The exfiltrated data included customer call records and private information, aligning with the attackers' espionage objectives. Security researchers linked the attack to Lebanese Cedar through shared tools and patterns observed across more than 250 compromised servers worldwide. The specific remediation steps taken by Mobily are not detailed in the available information. The incident illustrates the vulnerability of critical communications infrastructure to sophisticated threat actors. Mobily remains an operational telecommunications provider in Saudi Arabia, serving as an important component of the country's digital connectivity. The case highlights the ongoing risk to telecom data and the potential consequences of cyber espionage.
