An obscure cloud service company has been providing state-sponsored hackers with internet services to spy on and extort their victims, cyber security researchers at Halcyon said.
The company, Cloudzy, had been leasing server space and reselling it to no fewer than 17 different state-sponsored hacking groups from China, Russia, Iran, North Korea, India, Pakistan and Vietnam.
Cloudzy CEO Hannan Nozari disputed Halcyon’s assessment, saying that his firm couldn’t be held responsible for its clients, of which he estimated only two percent were malicious.
In an exchange over LinkedIn, Nozari told Reuters: “If you are a knife factory, are you responsible if someone misuses the knife? Trust me I hate those criminals and we do everything we can to get rid of them.”
Digital defenders say the case is an example of how hackers and ransomware gangs use small firms operating at the fringes of cyberspace to enable big hacks.
Halcyon estimated that roughly half of Cloudzy’s business was malicious, including renting services to two ransomware groups.
“It’s a rogues’ gallery on that through one provider,” said Halcyon executive Ryan Golden ahead of the report’s publication.
Halcyon arrived at its conclusion by mapping out Cloudzy’s digital footprint, in part by renting servers directly from the firm and by tying it to known hacking operations.
The cyber security firm CrowdStrike, which wasn’t involved in the research, said that it hadn’t seen state-sponsored hackers using Cloudzy. But it had seen other cybercriminal activity connected to it.
Cloudzy’s geographic base of operations is unclear.
Halcyon researchers analysed Cloudzy’s employees’ social media, including LinkedIn and Facebook postings, and found the firm is “almost certainly” a front for another internet hosting company called abrNOC, which Nozari runs from Tehran.
Nozari, who says he lives outside Iran but would not be more specific, told Reuters the companies are separate, although he acknowledged that abrNOC employees helped with Cloudzy’s operations. He didn’t provide details.
Cloudzy is registered under its previous name, RouterHosting, in Cyprus and the US state of Wyoming, according to corporate records reviewed by Reuters and confirmed by Nozari.
He said the company needed US domicile to be able to register internet protocol addresses in America.
It’s not clear whether Nozari’s registered agent – CloudPeak Law, a Wyoming law firm based in the small city of Sheridan – was aware of the allegations against its client.
A woman who answered at CloudPeak Law’s office confirmed that her firm was RouterHosting’s agent but said that, due to client confidentiality, “that is the extent of what anyone in our firm is going to be able to tell you.”
The firm didn’t respond to a follow-up email.
Cloudzy’s business model is typical of several small virtual private server providers that rent internet hosting services in exchange for cryptocurrency, no questions-asked, said Adam Meyers, an executive with CrowdStrike.
“There’s a whole ecosystem of ne’er-do-well kind of folks who are in this business,” he said.
About Author
