CryptoPolyTech.com
Crypto, Politics, Tech, Gaming & World News.

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers | CPT PPP Coverage



Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers appeared on thehackernews.com by The Hacker News.

Aug 02, 2023 | THN | Ransomware / Cyber Crime

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.

“Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari,” Halcyon said in a new report published Tuesday.

The Texas-based cybersecurity firm said the company acts as a command-and-control provider (C2P), which provides attackers with Remote Desktop Protocol (RDP) virtual private servers and other anonymized services that ransomware affiliates and others use to pull off their cybercriminal endeavors.

“[C2Ps] enjoy a liability loophole that does not require them to ensure that the infrastructure they provide is not being used for illegal operations,” Halcyon said in a statement shared with The Hacker News.

The ransomware-as-a-service (RaaS) business model is a highly evolving one, encompassing the core developers; affiliates, who carry out the attacks in exchange for a cut; and initial access brokers, who exploit known vulnerabilities or stolen credentials to obtain a foothold and sell that access to affiliates.

The emergence of C2Ps points to a new set of actors who “knowingly or unwittingly” provide the infrastructure to carry out the attacks.

Some of the key actors that are assessed to be leveraging Cloudzy include state-sponsored entities from China (APT10), India (Sidewinder), Iran (APT33 and APT34), North Korea (Kimsuky, Konni, and Lazarus Group), Pakistan (Transparent Tribe), Russia (APT29 and Turla), and Vietnam (OceanLotus) as well as cybercrime entities (Evil Corp and FIN12).

Also in the mix are two ransomware affiliates dubbed Ghost Clown and Space Kook, which use the BlackBasta and Royal ransomware strains, respectively, and the controversial Israeli spyware vendor Candiru.

It’s suspected that malicious actors are banking on the fact that purchasing VPS services from Cloudzy only requires a working email address and anonymous payment in cryptocurrency, thus making it ripe for abuse and raising the possibility that threat actors could be weaponizing little-known firms to fuel major hacks.

“If your VPS server is suspended because of misuse or abusive usage such as prohibited uses: Phishing, Spamming, Child Porn, Attacking other people, etc.,” reads support documentation on Cloudzy’s website. “There is a $250-$1000 fine or NO WAY for unsuspension; this depends on the complaint type.”

“While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors,” the company said.
