Cloud company assisted 17 different government hacking groups -US
researchers
Send a link to a friend
[August 01, 2023]
By Raphael Satter and Christopher Bing
(Reuters) - An obscure cloud service company has been providing
state-sponsored hackers with internet services to spy on and extort
their victims, a cybersecurity firm said in a report to be published on
Tuesday.
Researchers at Texas-based Halcyon said a company called Cloudzy had
been leasing server space and reselling it to no fewer than 17 different
state-sponsored hacking groups from China, Russia, Iran, North Korea,
India, Pakistan and Vietnam.
Cloudzy CEO Hannan Nozari disputed Halcyon’s assessment, saying that his
firm couldn’t be held responsible for its clients, of which he estimated
only 2% were malicious.
In an exchange over LinkedIn, Nozari told Reuters: “If you are a knife
factory, are you responsible if someone misuses the knife? Trust me I
hate those criminals and we do everything we can to get rid of them.”
Digital defenders say the case is an example of how hackers and
ransomware gangs use small firms operating at the fringes of cyberspace
to enable big hacks.
Halcyon estimated that roughly half of Cloudzy’s business was malicious,
including renting services to two ransomware groups.
“It's a rogues’ gallery on that through one provider,” said Halcyon
executive Ryan Golden ahead of the report’s publication.
Halcyon arrived at its conclusion by mapping out Cloudzy’s digital
footprint, in part by renting servers directly from the firm and by
tying it to known hacking operations.
The cybersecurity firm CrowdStrike, which wasn’t involved in the
research, said that it hadn’t seen state-sponsored hackers using Cloudzy.
But it had seen other cybercriminal activity connected to it.
Cloudzy's geographic base of operations is unclear.
[to top of second column]
|
The home page of the Cloudzy internet
service provider is seen in this photo illustration taken in
Washington, U.S., July 31, 2023. REUTERS/Raphael Satter/Illustration
Halcyon researchers analyzed Cloudzy’s employees’ social media,
including LinkedIn and Facebook postings, and found the firm is
“almost certainly" a front for another internet hosting company
called abrNOC, which Nozari runs from Tehran.
Nozari, who says he lives outside Iran but would not be more
specific, told Reuters the companies are separate, although he
acknowledged that abrNOC employees helped with Cloudzy’s operations.
He didn’t provide details.
Cloudzy is registered under its previous name, RouterHosting, in
Cyprus and the U.S. state of Wyoming, according to corporate records
reviewed by Reuters and confirmed by Nozari. He said the company
needed U.S. domicile to be able to register internet protocol
addresses in America.
It’s not clear whether Nozari’s registered agent – CloudPeak Law, a
Wyoming law firm based in the small city of Sheridan – was aware of
the allegations against its client.
A woman who answered at CloudPeak Law’s office confirmed that her
firm was RouterHosting’s agent but said that, due to client
confidentiality, “that is the extent of what anyone in our firm is
going to be able to tell you.” The firm didn’t respond to a
follow-up email.
Cloudzy’s business model is typical of several small virtual private
server providers that rent internet hosting services in exchange for
cryptocurrency, no questions-asked, said Adam Meyers, an executive
with CrowdStrike.
“There’s a whole ecosystem of ne’er-do-well kind of folks who are in
this business,” he said.
(Reporting by Christopher Bing; Editing by Cynthia Osterman)
[© 2023 Thomson Reuters. All rights
reserved.]This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |