Top US internet hosting company acting as global cybercrime center
Date:
Wed, 02 Aug 2023 13:43:03 +0000
Description:
Some two dozen hacking collectives were using Cloudzy services, including state-sponsored players.
FULL STORY ======================================================================
A US web hosting company has been found to be providing its services to more than 20 hacking groups, many of them state-sponsored, including groups working for China, North Korea, and Russia.
Cybersecurity researchers from Halcyon reported that a company called Cloudzy was, either knowingly or unwittingly, providing its servers for command-and-control (C2) infrastructure to well-known threat groups. Among its customers are APT10 (China), Kimsuky (North Korea), Turla and Nobelium (Russian state-linked), and FIN12 (a Russian-speaking ransomware crew).
Other groups, the researchers further claim, include those working for Iran, Pakistan, Vietnam, and even Israel. An Israeli company named Candiru made its way onto the list. It is a firm selling spyware to governments and was, according to TechCrunch, added to the U.S. Commerce Department's Entity List in 2021 for activities that undermined the country's national security.
Roughly half of all of Cloudzy's servers were used for malicious work, the researchers added.
Deeper investigation also uncovered that Cloudzy's management went to some lengths to stay hidden. The company claims to operate from New York City and is registered in Wyoming; its support phone number, however, leads to Las Vegas. Halcyon assesses with high confidence that the people who set up Cloudzy did so only to create a front for AbrNOC, an Iranian cloud hosting company. Both firms use the same logo (albeit in different colors), and the employees listed on both websites are the same (all made-up names, the researchers claim). The CEO of AbrNOC is apparently called Hannan Nozari, and his Twitter bio describes him as a founder of both web hosting companies.
While TechCrunch's journalists couldn't get hold of Nozari, Reuters reportedly did, and he told the agency that Cloudzy wasn't responsible for what its clients were doing and that the firm was "doing everything we can to eliminate them." He added that only 2% of the company's clients were malicious.

Analysis: Why does it matter?
To run identity theft or similar criminal campaigns, cybercriminals need infrastructure: servers to host phishing landing pages and C2 endpoints, and storage to stage and later sift through stolen data. Reputable web hosting providers do not allow their customers to engage in malicious activity and have acceptable-use policies, abuse desks, and takedown procedures aimed at malicious websites, landing pages, and the like.
In this particular case, the researchers found a company that provided its services to some two dozen threat groups, many of them nation-state actors. These are not your average cybercriminals. These groups count dozens of members (if not hundreds) and operate in a highly coordinated manner, usually toward one goal: data harvesting and cyber espionage. State-sponsored threat actors usually go after persons of high interest, such as politicians and diplomats, journalists, activists, scientists, and similar.
APT10, for example, was tracked by Symantec in a long-running campaign against Japanese companies in the industrial, automotive, pharmaceutical, and engineering sectors. The campaign had been active since at least late 2019; by the time Symantec reported it in November 2020, the group was exploiting the ZeroLogon vulnerability (CVE-2020-1472) in Netlogon to take over domain controllers. Symantec found that APT10 employed a range of tools in the campaign, including network reconnaissance, credential theft, PowerShell scripts, and RAR archiving. DLL side-loading was also used to load a custom backdoor, dubbed Backdoor.Hartip.
In early June this year the FBI, together with a number of partner agencies, warned about Kimsuky impersonating journalists, academics, or other credible individuals, with the goal of enabling computer network exploitation against individuals employed by research centers, think tanks, academic institutions, and news media organizations. Turla, on the other hand, recently had its Snake malware network disrupted by the FBI; the implant was said to have been used for almost 20 years to steal sensitive documents from NATO member governments, among others.
By exposing their infrastructure, the researchers did two things: set the spies back significantly, and protected the privacy (and possibly even the lives) of countless individuals. Furthermore, if law enforcement agencies seize the servers and examine their contents, they may get a better picture of these groups' targets and goals.

This doesn't mean the hackers were stopped; this is merely a setback. It won't be long before they find a different service provider to abuse and host their malicious content on. But in any case, the discovery did stop them, at least for a little while.

What have others said about the findings?
The news sent out ripples across the media, with multiple outlets reporting on the web hosting provider servicing criminals.

In its write-up, CSO Online stresses that Cloudzy allows its users to pay for the service in cryptocurrencies. While this is nothing new, and many privacy-oriented companies (VPN providers, for example) allow the same thing, Cloudzy also accepts payments in Monero, a privacy coin. Unlike Bitcoin, whose ledger exposes sender, recipient, and amount, Monero hides all three by default, which makes it extremely difficult to trace; it is therefore favored by cybercriminals, and ransomware operators often demand that payment be made in this coin in particular.

Go deeper
If you want to learn more, make sure to check out our list of the best shared web hosting providers, as well as our guide to the best firewalls. You should also check out our guide to the best endpoint protection, as well as the best VPNs right now.
Via: TechCrunch
======================================================================
Link to news story:
https://www.techradar.com/pro/top-us-internet-hosting-company-acting-as-global-cybercrime-center
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)