Official forum for Utopia Community
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews.
"Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a new report published Tuesday.
The Texas-based cybersecurity firm said the company acts as a command-and-control provider (C2P), which provides attackers with Remote Desktop Protocol (RDP) virtual private servers and other anonymized services that ransomware affiliates and others use to pull off the cybercriminal endeavors.
"[C2Ps] enjoy a liability loophole that does not require them to ensure that the infrastructure they provide is not being used for illegal operations," Halcyon said in a statement shared with The Hacker News.
The ransomware-as-a-service (RaaS) business model is a highly-evolving one, encompassing the core developers; affiliates, who carry out the attacks in exchange for a cut; and initial access brokers, who exploit known vulnerabilities or stolen credentials to obtain a foothold and sell that access to affiliates.
The emergence of C2P providers points to a new set of actors who "knowingly or unwittingly" provide the infrastructure to carry out the attacks.
Some of the key actors that are assessed to be leveraging Cloudzy include state-sponsored entities from China (APT10), India (Sidewinder), Iran (APT33 and APT34), North Korea (Kimsuky, Konni, and Lazarus Group), Pakistan (Transparent Tribe), Russia (APT29 and Turla), and Vietnam (OceanLotus) as well as cybercrime entities (Evil Corp and FIN12).
Also in the mix are two ransomware affiliates dubbed Ghost Clown and Space Kook which use the BlackBasta and Royal ransomware strains, respectively, and the controversial Israeli spyware vendor Candiru.
It's suspected that malicious actors are banking on the fact that purchasing VPS services from Cloudzy only requires a working email address and anonymous payment in cryptocurrency, thus making it ripe for abuse and raising the possibility that threat actors could be weaponizing little-known firms to fuel major hacks.
"If your VPS server is suspended because of misuse or abusive usage such as prohibited uses: Phishing, Spamming, Child Porn, Attacking other people, etc.," reads the support documentation on Cloudzy's website. "There is a $250-$1000 fine or NO WAY for unsuspension; this depends on the complaint type."
"While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors," the company said.
Why is it that many exchanges have listed Iran among the restricted countries? I am trying to see why there are so many restrictions on Iran by crypto companies.
Why is it that many exchanges have listed Iran among the restricted countries? I am trying to see why there are so many restrictions on Iran by crypto companies.
I guess it is because of the rules and regulations of the Iranian government, which are somehow hard for most exchanges to comply with.
The report sheds light on the activities of Cloudzy, highlighting how it operates out of Iran but is incorporated in the United States. This awareness is crucial in understanding the complexities of cybersecurity threats and the need for international cooperation to address them effectively.
By identifying various threat actors, including state-sponsored entities and cybercrime groups, the report provides valuable intelligence for cybersecurity professionals and law enforcement agencies to better understand the landscape of cyber threats and take appropriate action to mitigate them.
The report underscores the regulatory challenges in cyberspace, particularly regarding entities like Cloudzy that operate in a gray area, potentially violating U.S. sanctions. This highlights the need for policymakers to address regulatory gaps and enforce sanctions effectively to prevent such actors from operating with impunity.
The report also underscores the importance of implementing risk mitigation measures for organizations, such as monitoring for suspicious activities, enhancing cybersecurity awareness and training, and implementing robust security measures to protect against ransomware attacks and other cyber threats.
Understanding the Critical Role of Command-and-Control Providers in Cybersecurity: Command-and-Control Providers (C2Ps) like Cloudzy play a crucial role in the cybersecurity landscape by offering Remote Desktop Protocol (RDP) virtual private servers and anonymized services.
These services facilitate communication and control for cybercriminals, but they also serve as key points for detection and disruption by cybersecurity professionals. Understanding the importance of C2Ps is essential for developing effective strategies to combat cyber threats.
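The post above says rented VPS infrastructure is "a key point for detection". One concrete form that takes on the defender's side is egress monitoring: flag internal hosts that talk to netblocks belonging to anonymised VPS providers, especially over RDP (TCP 3389) or on a fixed timer, which is how implants beacon to a C2 server. The script below is an added example written for this thread; it is not code from Halcyon, Cloudzy or the article. The watchlist uses RFC 5737 documentation ranges (203.0.113.0/24, 198.51.100.0/24) standing in for a real provider's address space, and the firewall log lines are constructed, not real traffic. Any watchlist you use in practice has to come from your own ASN/WHOIS research; the page does not publish Cloudzy's ranges.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical watchlist of netblocks attributed to "anonymised VPS" providers.
# These are RFC 5737 documentation ranges, NOT any real provider's address space;
# in production this comes from your own ASN/WHOIS enrichment.
VPS_WATCHLIST = {
    "203.0.113.0/24": "example-vps-provider-A",
    "198.51.100.0/24": "example-vps-provider-B",
}
WATCHLIST_NETS = [(ipaddress.ip_network(cidr), name) for cidr, name in VPS_WATCHLIST.items()]

# Constructed egress-firewall log (not real traffic): epoch_ts src dst dport bytes
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.17 3389 4210
1700000060 10.0.0.5 203.0.113.17 3389 3980
1700000120 10.0.0.5 203.0.113.17 3389 4102
1700000180 10.0.0.5 203.0.113.17 3389 4055
1700000011 10.0.0.9 192.0.2.44 443 18330
1700000900 10.0.0.7 198.51.100.8 443 900
1700004500 10.0.0.7 198.51.100.8 443 910
1700008100 10.0.0.7 198.51.100.8 443 905
1700011700 10.0.0.7 198.51.100.8 443 912
1700000500 10.0.0.3 203.0.113.200 443 22000
"""


def parse_log(text):
    """Parse the whitespace-separated log format above into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        events.append({"ts": int(ts), "src": src, "dst": dst,
                       "dport": int(dport), "bytes": int(nbytes)})
    return events


def watchlist_hit(ip):
    """Return the provider name if ip falls in a watchlisted netblock, else None."""
    addr = ipaddress.ip_address(ip)
    for net, name in WATCHLIST_NETS:
        if addr in net:
            return name
    return None


def interval_regularity(timestamps):
    """Coefficient of variation of inter-connection gaps (0.0 = perfectly periodic).

    Needs at least four connections (three gaps); returns None otherwise.
    """
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else None


def detect(text, beacon_cv=0.1):
    """Group events per (src, dst, dport) and report pairs that reach a watchlisted VPS.

    Each finding carries the reasons that fired: watchlist match, outbound RDP,
    and/or periodic connection timing consistent with C2 beaconing.
    """
    by_pair = defaultdict(list)
    for ev in parse_log(text):
        by_pair[(ev["src"], ev["dst"], ev["dport"])].append(ev)

    findings = []
    for (src, dst, dport), evs in by_pair.items():
        provider = watchlist_hit(dst)
        if provider is None:
            continue  # only VPS-provider destinations are interesting here
        reasons = [f"dst in watchlisted VPS range ({provider})"]
        if dport == 3389:
            reasons.append("outbound RDP to a rented VPS")
        cv = interval_regularity([e["ts"] for e in evs])
        if cv is not None and cv <= beacon_cv:
            reasons.append(f"periodic connections: {len(evs)} hits, interval CV={cv:.2f}")
        findings.append({"src": src, "dst": dst, "dport": dport,
                         "provider": provider, "count": len(evs), "reasons": reasons})
    return sorted(findings, key=lambda f: f["src"])


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} ({f['count']} conns)")
        for r in f["reasons"]:
            print("   -", r)
```

Running it reports three internal hosts: 10.0.0.5 (RDP to a watchlisted range, perfectly periodic every 60 s), 10.0.0.7 (HTTPS but beaconing hourly to a watchlisted range) and 10.0.0.3 (a single hit, watchlist match only), while 10.0.0.9's connection to a non-watchlisted address is ignored. The periodicity check is what distinguishes an implant from a one-off download; tune `beacon_cv` upward if your implants use jitter.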
Comrade;38207 wrote: Understanding the Critical Role of Command-and-Control Providers in Cybersecurity: Command-and-Control Providers (C2Ps) like Cloudzy play a crucial role in the cybersecurity landscape by offering Remote Desktop Protocol (RDP) virtual private servers and anonymized services.
These services facilitate communication and control for cybercriminals, but they also serve as key points for detection and disruption by cybersecurity professionals. Understanding the importance of C2Ps is essential for developing effective strategies to combat cyber threats.
While Command-and-Control Providers (C2Ps) offer valuable services for cybercriminals, they also pose significant risks to cybersecurity. By providing infrastructure for illegal operations like ransomware attacks, C2Ps contribute to the proliferation of cyber threats.
Addressing the Legal and Ethical Implications of Command-and-Control Providers: The emergence of Command-and-Control Providers (C2Ps) like Cloudzy raises important legal and ethical questions regarding their operations. While C2Ps may operate within legal frameworks, they often facilitate illegal activities such as ransomware attacks.