US-registered cloud company Cloudzy supported state hacking groups, claims researchers

Written by Thu 3 Aug 2023

Iranian cloud company registered in the United States, Cloudzy, has provided web hosting and internet services to state-sponsored hacking groups, according to cybersecurity company Halcyon.

The Texas-based cybersecurity firm found that Cloudzy ‘knowingly or not’ provided services to attackers while assuming a legitimate business profile.

The hacking groups are said to be tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments.

Halcyon estimated that between 40% and 60% of Cloudzy’s business was malicious in its report, ‘Cloudzy with a Chance of Ransomware’.

“It’s a rogues’ gallery on that through one provider,” said Ryan Golden, CMO of Halcyon.

Halcyon arrived at its conclusion by mapping the digital footprint of Cloudzy and tying it to known hacking operations. This was partially achieved by renting servers directly from the firm.

Over half of its hosted servers were discovered supporting malicious activities directly on infrastructure loaned from a dozen different ISPs.

Halcyon identified two previously unknown ransomware affiliates dubbed Ghost Clown and Space Kook that are currently deploying Black Basta and Royal ransomware strains, respectively.

Cloudzy reportedly accepts cryptocurrency payments from users wanting to anonymously use its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services. While its terms and conditions prohibit Cloudzy from getting involved in illegal activities, the ISP services provider is said to have allowed abusers to continue operations for a nominal fee of up to $1,000.

Cybersecurity firm CrowdStrike in a separate statement said it had not seen state-sponsored hackers using Cloudzy, but other cybercriminal activity was identified.

Adam Meyers, Senior Vice President of Intelligence at CrowdStrike, said that Cloudzy’s business model is typical of a number of small VPS providers that rent internet hosting services in exchange for cryptocurrency without asking any questions.

“There’s a whole ecosystem of ne’er-do-well kind of folks who are in this business,” said Meyers.

Cloudzy CEO Hannan Nozari disputed the Halcyon findings. He estimated that only 2% of Cloudzy’s clients were malicious and said the company could not be held responsible for what its clients do.

In an exchange with Reuters on LinkedIn, Nozari condemned the actions of the hacking groups.

“If you are a knife factory, are you responsible if someone misuses the knife? Trust me I hate those criminals and we do everything we can to get rid of them,” said Nozari.

Cloudzy reportedly operates out of New York City, is registered in Wyoming, and has a support phone number linked to Las Vegas.

Cloudzy is also registered under its previous name, RouterHosting, in Cyprus. Halcyon stated that Cloudzy is ‘almost certainly’ a front for another internet hosting company called abrNOC, which Nozari runs from Tehran, Iran.
