Cybersecurity experts at iZOOlogic have discovered an emerging threat involving the cybercriminal group dubbed “Nusa Cloud,” which first surfaced in September 2023. Nusa Cloud is a serious threat to online security because of its emphasis on spreading compromised user credentials at no cost.
The identities of the individuals behind Nusa Cloud are still unknown, as its operations are hidden behind the anonymity of the Telegram platform under the handle “@nusacloud.” Nevertheless, through in-depth analysis and investigation, iZOOlogic researchers were able to shed light on this elusive threat group and reveal its malicious activities.
The scope and complexity of Nusa Cloud’s operations set it apart from other threat actors. The threat group typically shares and exposes a large number of combolists as TXT files, with sizes ranging from 700MB to 3GB. It hunts for user credentials across a large area of the underground landscape. The files are typically named “Nusa#1” or “NusaBIG1.txt,” or carry nation-specific names such as “NUSACLOUD – Korea,” “NUSACLOUD – Canada,” or “NUSACLOUD – Brazil.” This naming offers an insight into the scope of its activities, which include victims from a variety of areas and sectors.
Individual users and employees of companies or organisations are among those who have fallen prey to Nusa Cloud’s malicious tactics. The repercussions of these attacks emphasise how urgently proactive cybersecurity measures are needed to protect sensitive data and reduce the chance of compromise.
Moreover, Nusa Cloud has shown a capacity for evasion in response to increasing attention and attempts to disrupt its activities, frequently deleting its Telegram group to avoid detection. Although it is unclear why Nusa Cloud operates in this way, iZOOlogic researchers are keeping a close eye on its malicious activities.
Nusa Cloud has been publicly sharing stolen data free of charge, likely in an effort to generate notoriety among the cybercrime community.
Nusa Cloud’s decision to openly share stolen data, rather than monetise it as other cybercriminals commonly do, is perhaps the most alarming aspect observed by iZOOlogic researchers. Instead of capitalising on the sale of stolen data, the threat group opts to publicise and distribute it freely. The underlying motives for this unusual approach remain unknown, although speculation suggests that it might be intended to increase visibility and foster engagement within the cybercrime community.
As of September 2023, iZOOlogic experts have retrieved 1,051 combolist files from the NusaCloud channel, which together contain a staggering 2 billion compromised credentials. However, as of April 25, 2024, the channel has ceased operating, which is a big step forward in the continuous attempts to lessen the threat that Nusa Cloud poses.
Joint efforts are more crucial than ever in the fight against cyber threats, especially in unravelling the intricacies of Nusa Cloud. Organisations can strengthen their defences against evolving threats and protect today’s digital infrastructure by utilising innovative technology and collaborative skills. Cooperation and alertness are essential in the continuous fight against cybercrime.
