Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Zain Group

Zain Group Vendor Cyber Rating & Cyber Score

zain.com
in
Add Your Compliance Badge
ISO 27001
SOC 2 Type 1
SOC 2 Type 2
PCI DSS
HIPAA
GDPR

Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 51.3 million active customers as of 30 September 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Saudi Arabia, Sudan and South Sudan. Headquartered in the UAE, ZainTECH, the Group’s one-stop digital and ICT solutions provider, is playing a key role in the digital transformation of enterprise and government clientele across the MENA region. Also UAE based, Zain Omantel International (ZOI) is revolutionizing the international telecommunications wholesale landscape as the premier wholesale powerhouse serving regional operators,


Zain Group A.I CyberSecurity Scoring

Incident Details
Zain Group
Company Information
Website:https://www.zain.com
Employees number:16,153
Number of followers:52,224
NAICS:517
Industry Type:Telecommunications
Homepage:zain.com
Cyber Premium EstimationGet Supply Chain
Zain Group Risk Score (AI oriented)
Between 750 and 799
logo
Zain GroupTelecommunications
Updated:
04/04/2026
776/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Zain Group Global Score (TPRM)
xxxx
logo
Zain GroupTelecommunications
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Zain Group
Zain GroupFair
Current Score
776Baa (FAIR)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
777Before Incident
MAY 2026
776Before Incident
APRIL 2026
776Before Incident
MARCH 2026
776Before Incident
FEBRUARY 2026
776Before Incident
JANUARY 2026
776Before Incident
DECEMBER 2025
775Before Incident
NOVEMBER 2025
775Before Incident
OCTOBER 2025
775Before Incident
SEPTEMBER 2025
775Before Incident
AUGUST 2025
775Before Incident
JULY 2025
775Before Incident
JUNE 2021
778Before Incident
Cyber Attack
16 Jun 2021Zain Group
Telecommunications company in the Middle East

Exploitation of CVE-2025-53770 (ToolShell) in Microsoft SharePoint by China-Linked Threat Actors

761After Incident
CRITICAL-17
ZAI2703327102325
Threat actors linked to China exploited the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint to breach a Middle Eastern telecommunications company shortly after its public disclosure in July 2025. The attack involved bypassing authentication and achieving remote code execution (RCE) on on-premise SharePoint servers, enabling persistent and stealthy access for credential theft and espionage. The Salt Typhoon (Glowworm) group deployed malicious tools like Zingdoor, ShadowPad, and KrustyLoader, a Rust-based loader previously tied to China-nexus espionage campaigns. The attackers aimed to exfiltrate sensitive data, establish long-term access, and likely gather intelligence for geopolitical or economic advantage. While no explicit data leak was confirmed, the compromise of a telecom provider—a critical infrastructure sector—poses risks to national security, customer privacy, and regional stability. The attack aligns with broader campaigns targeting government agencies, universities, and financial institutions globally, suggesting a coordinated effort by multiple Chinese state-sponsored groups. The use of living-off-the-land (LotL) techniques and privilege escalation exploits (e.g., CVE-2021-36942/PetitPotam) further obscured detection, increasing the potential for unauthorized lateral movement across networks.
INCIDENT DETAILS -
TYPE
Cyber EspionageUnauthorized AccessData BreachMalware Deployment
MOTIVATION
EspionageCredential TheftPersistent Access
IMPACT
CredentialsPotentially Sensitive Government/Telecom/Financial DataMicrosoft SharePoint Servers (On-Premise)SQL ServersApache HTTP Servers with Adobe ColdFusionDomain Controllers (via CVE-2021-36942)Brand Reputation Impact: Potential reputational damage to affected entities (e.g., telecom company, government agencies)Identity Theft Risk: High (due to credential theft)
DATA BREACH
CredentialsPotentially Government/Telecom/Financial DataSensitivity Of Data: High (government, telecom, financial sectors targeted)Data Exfiltration: Likely (for espionage purposes)
REFERENCES
Blog URLSource URL

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Zain Group ?
?
What was Zain Group's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in August 2025 ?
?
What was Zain Group's A.I Rankiteo Cyber Score in July 2025 ?
?
What is the average per-incident point impact on Zain Group's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Zain Group ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Zain Group's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?