Skip to content Skip to footer
0 items - $0.00 0
Menu

US cloud provider ran from Iran helps ransomware gangs and state hackers by campuscodi

0CommentsShare Post
US cloud provider ran from Iran helps ransomware gangs and state hackers by campuscodi
News

US cloud provider ran from Iran helps ransomware gangs and state hackers by campuscodi

August 1, 2023
0Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

The Halcyon Research and Engineering Team has published new research that details novel techniques used to unmask yet another Ransomware Economy player that is facilitating ransomware attacks and state-sponsored APT operations: Command-and-Control Providers (C2P) who sell services to threat actors while assuming a legal business profile.

While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors.

In this report, titled Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps), Halcyon demonstrates a unique method for identifying C2P entities that can be used to forecast the precursors to major ransomware campaigns and other advanced attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates Halcyon tracks as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively.

The report also describes how we used the same method to link the two ransomware affiliates to the same Internet Service Provider, Cloudzy, which accepts cryptocurrencies in exchange for anonymous use of its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services.

Inset Image Banner to download Halcyon's Cloudzy Report PDF.

Download the Full Report Here (PDF)

Key Findings:

  • Halcyon asserts that, based on this research, there is yet another key player supporting the burgeoning ransomware economy: Command-and-Control Providers(C2P) who – knowingly or not – provide services to attackers while assuming a legitimate business profile.  
  • Threat actors that are assessed to be leveraging Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.
  • Halcyon uses a

Read More

Tags:
0Likes
Leave a comment

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.