© 2024 CyberNews- Latest tech news,
product reviews, and analyses.

Cloud firm assisted 17 state-sponsored hacking groups


An obscure cloud service company called Cloudzy has been providing state-sponsored hackers, also known as advanced persistent threats (APTs), with internet services to spy on and extort their victims, a paper claims.

Researchers at Texas-based Halcyon said a company called Cloudzy had been leasing server space and reselling it to no fewer than 17 different state-sponsored hacking groups from China, Russia, Iran, North Korea, India, Pakistan, and Vietnam.

Cloudzy CEO Hannan Nozari disputed Halcyon’s assessment, saying that his firm couldn’t be held responsible for its clients, of which he estimated only 2% were malicious.

In an exchange over LinkedIn, Nozari told Reuters: “If you are a knife factory, are you responsible if someone misuses the knife? Trust me I hate those criminals and we do everything we can to get rid of them.”

Digital defenders say the case is an example of how hackers and ransomware gangs use small firms operating at the fringes of cyberspace to enable big hacks.

Halcyon estimated that roughly half of Cloudzy’s business was malicious, including renting services to two ransomware groups.

“It's a rogues’ gallery on that through one provider,” said Halcyon executive Ryan Golden ahead of the report’s publication.

Halcyon arrived at its conclusion by mapping out Cloudzy’s digital footprint, in part by renting servers directly from the firm and by tying it to known hacking operations.

The cybersecurity firm CrowdStrike, which wasn’t involved in the research, said that it hadn’t seen state-sponsored hackers using Cloudzy. But it had seen other cybercriminal activity connected to it.

Cloudzy's geographic base of operations is unclear.

Halcyon researchers analyzed Cloudzy’s employees’ social media, including LinkedIn and Facebook postings, and found the firm is “almost certainly" a front for another internet hosting company called abrNOC, which Nozari runs from Tehran.

Nozari, who says he lives outside Iran but would not be more specific, told Reuters the companies are separate, although he acknowledged that abrNOC employees helped with Cloudzy’s operations. He didn’t provide details.

Cloudzy is registered under its previous name, RouterHosting, in Cyprus and the US state of Wyoming, according to corporate records reviewed by Reuters and confirmed by Nozari. He said the company needed a US domicile to be able to register internet protocol addresses in America.

It’s not clear whether Nozari’s registered agent – CloudPeak Law, a Wyoming law firm based in the small city of Sheridan – was aware of the allegations against its client.

A woman who answered at CloudPeak Law’s office confirmed that her firm was RouterHosting’s agent but said that, due to client confidentiality, “that is the extent of what anyone in our firm is going to be able to tell you.” The firm didn’t respond to a follow-up email.

Cloudzy’s business model is typical of several small virtual private server providers that rent internet hosting services in exchange for cryptocurrency, no questions-asked, said Adam Meyers, an executive with CrowdStrike.

“There’s a whole ecosystem of ne’er-do-well kind of folks who are in this business,” he said.


More from Cybernews:

After talking to security expert, I deleted all Chrome extensions: they see everything

NoName hacker group targets Italy's top-tier banks

Meta ends news access for Canadian Facebook, Instagram users

Researchers ask ChatGPT to destroy humanity for science

Volvo owner Geely to release its own AI model

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked