C2P provider, Cloudzy, accused of aiding cybercriminals

August 4, 2023

Authorities accuse Cloudzy, an American internet hosting company, of helping cybercriminals, sanctioned spyware vendors, and state-sponsored threat groups. The company is an alleged Command-and-Control Provider (C2P) that facilitates ransomware attacks and nation-backed operations by functioning as a legitimate business.

Authorities have estimated that about 40% to 60% of the activity that came from Cloudzy could be considered malicious.

Cloudzy acquired numerous patrons worldwide.

An investigation showed that Cloudzy serves various cybercriminals, including advanced persistent threat groups affiliated with countries such as North Korea, Vietnam, China, Russia, India, Pakistan, and Iran.

In addition, a sanctioned Israeli spyware vendor notorious for targeting civilians also employs the service. Separate research also showed that Cloudzy participates in other criminal and ransomware operations.

Cybersecurity experts explained that Cloudzy is a platform that functions as a Command-and-Control Provider. It could provide hackers a convenient space to launch cyberattacks, hide their online activities, and make attribution more challenging.

Furthermore, the platform accepts payment in cryptocurrency and provides anonymous access to its RDP VPS services.

Researchers believe Cloudzy has ties with a company in Fatemi Square in Tehran called abrNOC, since the two companies' logos have similarities. Additionally, the blogs published by Cloudzy are authored by individuals with hidden identities or using fake names.

Based on substantial evidence, the researchers concluded that Cloudzy could be a decoy company for abrNOC, since the latter is the primary hosting company in Iran that aids cybercriminals.

Further analysis also showed that the platform has a connection to the ransomware group called Space Kook and an initial access broker, Exotic Lily.

Hence, the company could have ties with numerous groups, as Exotic Lily has previous connections with Russian ransomware groups such as Conti and Fin12. Lastly, the latest cybercriminal campaign in which Cloudzy allegedly participated is Ryuk ransomware's attacks on healthcare institutions.

C2Ps are crucial for nation-backed hackers and threat actors to carry out their operations. Since such a provider can operate maliciously while posing as a legitimate firm, it can continue doing business with different groups.

Increased scrutiny and regulation of web infrastructure companies is the only countermeasure for such platforms. Organisations should improve their tracking and attribution capabilities and cooperate more closely with law enforcement agencies to take down such networks.
