Cloud Security, Threat Intelligence

Numerous state-backed threat operations supported by US-registered cloud provider

More than 24 different state-sponsored threat operations and spyware developers, including Russia-backed Turla, FIN12, and Nobelium, China-backed APT10, and North Korea-backed Kimsuky, as well as Israel-based Candiru, have been provided command-and-control support for their attacks by U.S.-registered cloud provider Cloudzy, TechCrunch reports. Nearly 50% of all Cloudzy's servers have been utilized for malicious activity, noted a Halcyon report, which also showed that the hosting provider has minimal requirements that "directly appeals not just to privacy enthusiasts, but also to threat actors." Moreover, Cloudzy has been linked by researchers with high confidence to Iran-based cloud host abrNOC after discovering not only similarities in both firms' logo designs but also in fictitiously named workers. In a statement to Reuters, abrNOC CEO and Cloudzy founder Hannan Nozari said that only 2% of its client base was engaged in malicious activities and claimed that the company has been doing everything to remove such clients.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.