{"id":1508,"date":"2023-08-01T13:00:00","date_gmt":"2023-08-01T13:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=75932"},"modified":"2023-08-01T13:00:00","modified_gmt":"2023-08-01T13:00:00","slug":"us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/01\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say\/","title":{"rendered":"US internet hosting company appears to facilitate global cybercrime, researchers say"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>US internet hosting company appears to facilitate global cybercrime, researchers say | CyberScoop<\/title> <meta name=\"description\" content=\"Cloudzy, an internet hosting company with a New York phone number, may aiding hackers from Iran, Russia and North Korea.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/internet-hosting-company-global-cybercrime-cloudzy\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"US internet hosting company appears to facilitate global cybercrime, researchers say\"> <meta property=\"og:description\" content=\"Cloudzy, an internet hosting company with a New York phone number, may aiding hackers from Iran, Russia and North Korea.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/internet-hosting-company-global-cybercrime-cloudzy\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-08-01T13:00:00+00:00\"> 
<meta property=\"article:modified_time\" content=\"2023-08-01T13:05:34+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1080\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1689625837g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1690881885g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1690549404g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=008d053dcbaaeb47b822\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/75932\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<link rel=\"wlwmanifest\" type=\"application\/wlwmanifest+xml\" href=\"https:\/\/cyberscoop.com\/wp-includes\/wlwmanifest.xml\">\n<meta name=\"generator\" content=\"WordPress 6.2.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=75932\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Finternet-hosting-company-global-cybercrime-cloudzy%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Finternet-hosting-company-global-cybercrime-cloudzy%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-75932 single-format-standard\" id=\"readabilityBody\"> <svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-dark-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR 
type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncG type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncB type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.54901960784314 0.98823529411765\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.71764705882353 0.25490196078431\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-red\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer 
color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.27843137254902\" \/><feFuncB type=\"table\" tableValues=\"0.5921568627451 0.27843137254902\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-midnight\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0\" \/><feFuncG type=\"table\" tableValues=\"0 0.64705882352941\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-magenta-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.78039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.94901960784314\" \/><feFuncB type=\"table\" tableValues=\"0.35294117647059 0.47058823529412\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-green\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 
0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.65098039215686 0.40392156862745\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.44705882352941 0.4\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-orange\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.098039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.66274509803922\" \/><feFuncB type=\"table\" tableValues=\"0.84705882352941 0.41960784313725\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg> <a href=\"https:\/\/cyberscoop.com\/internet-hosting-company-global-cybercrime-cloudzy\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 
9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.171821305842\">\n<div class=\"single-article__header-content\" readability=\"33.196721311475\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Cloudzy, an internet hosting company with a New York phone number, may be aiding hackers from Iran, Russia and North Korea. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say.jpg?resize=640%2C360&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=1024,576 1024w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/us-internet-hosting-company-appears-to-facilitate-global-cybercrime-researchers-say-1.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Cloud or data center. (mesh cube\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"78.168311248943\"><body readability=\"157.58757303691\"><\/p>\n<p>A little-known American internet hosting company appears to be partially enabling a \u201cwide range\u201d of cybercrime, nation-state hackers and a sanctioned spyware vendor, researchers alleged Tuesday.<\/p>\n<p>Additionally, the company known as Cloudzy is \u201calmost certainly a cutout\u201d for an outfit operating in Tehran, according to an investigation by the cybersecurity firm Halcyon. <\/p>\n<p><a href=\"https:\/\/www.halcyon.ai\/blog\/report-ransomware-command-and-control-providers-unmasked-by-halcyon-researchers\" target=\"_blank\" rel=\"noreferrer noopener\">Halcyon\u2019s analysis<\/a> concludes that hosting company Cloudzy either knowingly or unwittingly provides a platform for illicit digital activity linked to China, Iran, North Korea, Russia, India, Pakistan and Vietnam. 
Furthermore, according to the researchers, Cloudzy\u2019s infrastructure has been linked to Candiru, an Israeli spyware vendor <a href=\"https:\/\/www.commerce.gov\/news\/press-releases\/2021\/11\/commerce-adds-nso-group-and-other-foreign-companies-entity-list\" target=\"_blank\" rel=\"noreferrer noopener\">sanctioned by the U.S. government<\/a> in November 2021.<\/p>\n<p>Cloudzy is one of an array of web infrastructure firms abused by criminals and state-backed hackers to carry out operations around the world, Halcyon noted. But unlike so-called bulletproof hosting providers, which claim to operate with a policy of customer anonymity out of a belief in privacy, Cloudzy takes it a step further by appearing to be a normal company when it seems to be trying to hide its connections, the research revealed.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ransomware syndicates and state-aligned hacking operations take advantage of a robust ecosystem of malware developers, initial access brokers, cryptocurrency launderers, hosting providers and other entities to carry out their operations. According to Halcyon, Cloudzy is essentially a command-and-control provider (C2P), giving hackers a ready platform to launch attacks, obfuscate traffic and make attribution more difficult.<\/p>\n<p>Cloudzy appears to be the work of <a href=\"https:\/\/abrnoc.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">abrNOC<\/a>, according to Halcyon, a company with an address on Fatemi Square in Tehran. Its blogs are written by people who either don\u2019t exist or are using fake names, Halcyon found. 
The headshot for one blog author named \u201c<a href=\"https:\/\/cloudzy.com\/blog\/rdp-vs-vnc\/\" target=\"_blank\" rel=\"noreferrer noopener\">Matt Schmitt<\/a>,\u201d for instance, is a <a href=\"https:\/\/depositphotos.com\/127379468\/stock-photo-smiling-technician-standing-in-a.html\" target=\"_blank\" rel=\"noreferrer noopener\">stock image<\/a> of a man standing in a server room. The two companies\u2019 logos are nearly identical as well, with Cloudzy\u2019s being one shade of purple while abrNOC\u2019s is blue, red and green.<\/p>\n<p>Halcyon concluded with \u201chigh confidence that C2P Cloudzy is almost certainly a cutout for the actual hosting company, abrNOC, operating out of Tehran, Iran,\u201d the report read.<\/p>\n<p>\u201cOur report identified several areas of potential legal liability relating to the apparent operation of an Iranian business in the United States, which if substantiated would raise significant concerns in light of current sanctions requirements,\u201d the report read, referring to <a href=\"https:\/\/www.ecfr.gov\/current\/title-31\/subtitle-B\/chapter-V\/part-560?toc=1\" target=\"_blank\" rel=\"noreferrer noopener\">federal regulations<\/a> related to working with Iranian companies. Halcyon recommended that anyone doing business with Cloudzy \u201cpause to consider the legal implications of their continued association with that company.\u201d<\/p>\n<p>Less than five minutes after CyberScoop sent an email to Cloudzy\u2019s support email address, a message came back saying the query would not be accepted because it did not come from a recognized Cloudzy customer email address. 
Attempts to reach the company by phone Monday were unsuccessful; the line was busy each time.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Halcyon began investigating Cloudzy as it was looking into two previously unknown ransomware affiliates, who were using a third-party hosting service as part of their infrastructure, Jon Miller, Halcyon\u2019s CEO and co-founder, told CyberScoop ahead of the report\u2019s release.<\/p>\n<p>\u201cWhen we reached to the third party to let them know that their infrastructure was being abused,\u201d Miller said, referring to Cloudzy, \u201cthey essentially brushed us off. That tipped us off that if they\u2019re brushing off these types of abuse complaints, there\u2019s probably a lot of abuse going on here.\u201d<\/p>\n<p>Cloudzy initially said it would suspend one of the accounts flagged by Halcyon, according to the report, \u201cbut then shortly reversed course,\u201d referring Halcyon instead to one of more than a dozen internet service providers that may be leasing IP space to Cloudzy.<\/p>\n<p>Subsequent analysis of traffic related to Cloudzy \u2014 which operated as \u201cRouterHosting\u201d <a href=\"https:\/\/www.theglobeandmail.com\/investing\/markets\/markets-news\/AccessWire\/8877763\/routerhosting-rebrands-as-cloudzy\/\" target=\"_blank\" rel=\"noreferrer noopener\">until 2022<\/a> \u2014 revealed that \u201cat least 40% \u2013 60% of activity leveraging Cloudzy services is malicious in nature,\u201d according to the report.<\/p>\n<p>Analysis of one of the ransomware operators \u2014&nbsp;which Halcyon dubbed \u201cSpace Kook,\u201d a reference to a <a href=\"https:\/\/scoobydoo.fandom.com\/wiki\/Spooky_Space_Kook\" target=\"_blank\" rel=\"noreferrer noopener\">Scooby Doo villain<\/a> \u2014&nbsp; showed connections to an initial access broker <a 
href=\"https:\/\/blog.google\/threat-analysis-group\/exposing-initial-access-broker-ties-conti\/\" target=\"_blank\" rel=\"noreferrer noopener\">Google\u2019s Threat Analysis Group<\/a> dubbed Exotic Lily in a March 2022 report. Exotic Lily, in turn, had shown previous connections to a Russian financially-motivated cybercrime group known as FIN12, and the Conti ransomware group.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Analysis of malicious traffic leading back to Cloudzy showed what Halcyon described as \u201ca staggering array of attack infrastructure which we, and others in the security community, recognized and associated with a wide range of threat actors.\u201d The historic activity included hacking operations with ties to state-aligned groups in China, India, Iran, North Korea, Russia and Vietnam, the research showed. Some activity was tied to a group tracked as UNC2352, <a href=\"https:\/\/www.wsj.com\/articles\/the-ruthless-cyber-gang-behind-the-hospital-ransomware-crisis-11623340215\" target=\"_blank\" rel=\"noreferrer noopener\">which had been accused of attacking hospitals<\/a> with the Ryuk ransomware variant.<\/p>\n<p>\u201cC2Ps end up granting ransomware groups anonymous use of their infrastructure to launch attacks because, in the interest of privacy, they never bother to ask who their customers are,\u201d the report read. \u201cThey are not required to. In this way, ransomware activity lines two sets of pockets \u2013 the criminals who deploy it and the service providers who turn a blind eye to them.&nbsp;In the case of Cloudzy, that blind eye missed a lot.\u201d<\/p>\n<p>Cloudzy, which claims to operate out of New York City, is registered in Wyoming under the name of a lawyer who provides registered agent services, while a support phone number is tied to an address in Las Vegas. 
A man named Hannan Nozari is listed as abrNOC\u2019s CEO, and identifies himself as the founder of both companies in <a href=\"https:\/\/twitter.com\/Hannan_Nozari\" target=\"_blank\" rel=\"noreferrer noopener\">his Twitter bio<\/a>, as well as a \u201cNoob on the Internet,\u201d a reference to being new and inexperienced online.<\/p>\n<p>A message left for the attorney in Wyoming, as well as an email sent through the firm\u2019s online portal, was not immediately returned. Nozari did not respond to a message sent via LinkedIn, but he <a href=\"https:\/\/www.reuters.com\/technology\/cloud-company-assisted-17-different-government-hacking-groups-us-researchers-2023-08-01\/\" target=\"_blank\" rel=\"noreferrer noopener\">told Reuters<\/a> that he was not responsible for his customers\u2019 actions and that his company does \u201ceverything we can to get rid of them.\u201d Nozari also told Reuters that he estimated only 2% of his clients were malicious. <\/p>\n<p>\u201cWe recommend that Internet service providers learn a lesson from C2P Cloudzy and do a better job of knowing their customers,\u201d Halcyon concluded. \u201cFor even if C2P Cloudzy had no knowledge of the high frequency and volume of the malicious traffic running through its leased infrastructure, significant damage was still done as a result of their policies. 
And the abuse of legitimate service providers will continue so long as \u2018Internet noobs\u2019 like Hassan Nozari allow criminals to act with impunity \u2014 all in the name of privacy.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code 
--> <\/body> <a href=\"https:\/\/cyberscoop.com\/internet-hosting-company-global-cybercrime-cloudzy\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US internet hosting company appears to facilitate global cybercrime, researchers<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[681,682,683,282,302,684,685,513],"tags":[686,687,688,286,306,689,690,517],"class_list":["post-1508","post","type-post","status-publish","format-standard","hentry","category-abrnoc","category-bulletproof-hosting","category-cloudzy","category-cybercrime","category-geopolitics","category-halcyon","category-infrastructure","category-iran","tag-abrnoc","tag-bulletproof-hosting","tag-cloudzy","tag-cybercrime","tag-geopolitics","tag-halcyon","tag-infrastructure","tag-iran"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/abrnoc\/\" rel=\"category tag\">abrNOC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/bulletproof-hosting\/\" rel=\"category tag\">bulletproof hosting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudzy\/\" rel=\"category tag\">Cloudzy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/halcyon\/\" rel=\"category tag\">Halcyon<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/infrastructure\/\" rel=\"category tag\">infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a>","tag_info":"Iran","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1508"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1508\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}