In a recent report, cybersecurity startup Halcyon has exposed an Iranian-run company named Cloudzy that is providing command-and-control services to over 20 hacking groups, including ransomware operators, spyware vendors, and state-sponsored actors. Despite being registered in the United States, Cloudzy is believed to be operated out of Tehran, Iran by an individual named Hannan Nozari, potentially in violation of U.S. sanctions.
Halcyon’s research note reveals that Cloudzy acts as a command-and-control provider (C2P) for various threat actors, advertising its services as protecting user anonymity. However, when malicious activity is brought to Cloudzy’s attention, the company does not respond. Interestingly, the ISP only requires a working email address for registration, never verifies the identity of customers, and accepts anonymous payments in cryptocurrencies. Although the terms and conditions prohibit the use of their services for illicit activities, Halcyon found that Cloudzy charges abusers a nominal fee to continue using the services.
Further analysis by Halcyon uncovered that more than half of the servers hosted by Cloudzy directly support malicious activities, primarily on infrastructure borrowed from twelve other ISPs. The investigation also revealed that Cloudzy’s services were used by hacking groups associated with various governments, including China, Iran, India, North Korea, Pakistan, Russia, and Vietnam, as well as by Israel’s sanctioned spyware vendor Candiru, cybercrime rings, and ransomware groups.
Another alarming discovery was the identification of two previously unreported ransomware groups, Ghost Clown and Space Kook, both relying on Cloudzy as their C2P. Ghost Clown was observed deploying Cobalt Strike implants together with Conti and BlackBasta ransomware, while Space Kook used Cobalt Strike alongside Quantum Locker and Royal ransomware.
Halcyon’s investigation further revealed that Cloudzy is registered as a company in the United States, but it does not have a physical presence there. Digging deeper, the researchers traced a connection between Cloudzy and the Iranian firm abrNOC. Both companies allegedly have Hannan Nozari as their founder and are traced back to Tehran, Iran. Halcyon identified eight individuals employed by Cloudzy who are based in Iran, with some of them having links to employees of abrNOC. It was determined that Cloudzy only exists on paper, with its employees being the employees of abrNOC in Tehran. Additionally, some of the Cloudzy bloggers are either fictional or employees of abrNOC.
Halcyon concludes with high confidence that Cloudzy is most likely a cutout for the actual hosting company, abrNOC, operating out of Tehran, Iran.
### Analysis: The Implications of Cloudzy’s Illicit Activities
The exposure of Cloudzy’s involvement in supporting hacking groups and state-sponsored actors raises several troubling concerns. First and foremost, it underscores the importance of robust internet security measures to prevent such malicious activities from taking place. The fact that Cloudzy operates under the guise of protecting user anonymity while facilitating criminal activities highlights the need for stronger regulation and oversight in cyberspace.
Furthermore, the discovery of previously unreported ransomware groups and the diverse range of governments and cybercrime rings associated with Cloudzy’s services demonstrates the global reach and impact of these illicit activities. It is a stark reminder that the threat landscape continues to evolve and necessitates constant vigilance and proactive measures from both cybersecurity professionals and policymakers.
The fact that Cloudzy is registered in the United States but operates out of Iran also raises questions regarding international cooperation in addressing cyber threats. In this case, Cloudzy’s violation of U.S. sanctions highlights the challenges in enforcing regulations across borders and the need for improved collaboration between nations to combat cybercrime.
### Editorial: Strengthening Internet Security and Global Cooperation
The revelations about Cloudzy’s involvement in supporting hacking groups and state-sponsored actors reinforce the urgency to strengthen internet security and increase global cooperation in the fight against cyber threats. While it is challenging to completely eradicate criminal activities in the online space, proactive steps can be taken to mitigate risks and hold those responsible accountable.
First and foremost, governments must prioritize cybersecurity as a national security concern and allocate resources to develop and enforce robust internet security measures. This includes investing in research and development of advanced threat detection systems, enhancing cooperation between law enforcement agencies, and promoting public-private partnerships to share threat intelligence and best practices.
Furthermore, international collaboration is essential to effectively combat cybercrime. Governments and international organizations should establish frameworks for information sharing and coordinate efforts to identify and dismantle criminal networks operating across borders. This requires diplomatic initiatives, improved legal frameworks, and enhanced cyber deterrence measures to hold malicious actors accountable.
At the individual level, internet users must prioritize their own cybersecurity by practicing good online hygiene. This includes regularly updating software and devices, using strong and unique passwords, and exercising caution while clicking on links or opening attachments. Additionally, individuals should be aware of the risks associated with anonymous services and consider using reputable and trusted providers for their online activities.
### Advice: Ensuring Personal Internet Security
As individuals navigate the increasingly complex digital landscape, it is crucial to prioritize personal internet security. Here are some essential tips to protect oneself online:
1. Use strong and unique passwords: Create complex passwords for each online account and consider using a password manager to securely store them.
2. Keep software and devices up to date: Regularly update operating systems, applications, and antivirus software to ensure they have the latest security patches.
3. Be cautious of phishing scams: Exercise caution when clicking on links or opening email attachments, particularly if they are from unknown sources. Be skeptical of emails or messages asking for personal information.
4. Enable multi-factor authentication (MFA): Enable MFA whenever possible, as it adds an extra layer of security by requiring multiple forms of verification to access an account.
5. Use reputable and trusted online services: Be cautious of using anonymous or unverified services, as they may compromise personal data and privacy.
6. Educate yourself about online threats: Stay informed about the latest cybersecurity threats and best practices by following reputable sources of information and engaging in cybersecurity awareness training.
By adopting these practices, individuals can significantly enhance their personal internet security and contribute to the broader fight against cyber threats.