Iranian-Run Cloudzy: Unmasked Provider of Command-and-Control Services for Hacking Groups

In a groundbreaking investigation, the cybersecurity startup Halcyon has exposed the operations of an Iranian-run company named Cloudzy. This company has been providing command-and-control (C2) services to over 20 hacking groups, including ransomware operators, spyware vendors, and state-sponsored APT actors. Despite being registered in the United States, Halcyon’s researchers believe Cloudzy is operated out of Tehran, Iran, by an individual named Hassan Nozari, likely in violation of US sanctions.

Background on Cloudzy and its Operations

Cloudzy’s modus operandi is particularly alarming. The company only requires a working email address for registration, never verifies the identity of customers, and accepts anonymous payments in cryptocurrencies. Furthermore, during a 90-day analysis of Cloudzy’s services, Halcyon discovered that the cloud provider asks abusers to pay a nominal fee to continue operations, allowing them to evade detection and continue malicious activities.

Analysis of Cloudzy’s Services

The investigation carried out by Halcyon unveiled a far-reaching and diverse network of cyber threats. The Cloudzy infrastructure uncovered by the researchers was associated with hacking groups tied to various governments, including China, Iran, India, North Korea, Pakistan, Russia, and Vietnam. Additionally, the analysis revealed the involvement of Candiru, a sanctioned Israeli spyware vendor, as well as cybercrime rings and ransomware groups.

Of particular concern, the investigation identified two previously unreported ransomware groups: Ghost Clown and Space Kook, which rely on Cloudzy as a C2 provider. This discovery underscores the role Cloudzy plays in facilitating cybercriminal activities, including data breaches, extortion, and debilitating ransomware attacks.

Cloudzy’s Registration and Employees

Intriguingly, the researchers found that Cloudzy is formally registered as a company in the United States but lacks a physical office in the country. It became apparent that the company’s employees are primarily based in Iran, with Halcyon identifying eight individuals who appear to be employed by Cloudzy. Notably, there was a significant crossover between some of these individuals and employees of abrNOC, an Iranian hosting company suspected of involvement in cyber operations.

The Halcyon investigation highlighted a critical revelation

Cloudzy only exists on paper. The so-called employees of Cloudzy are, in fact, employees of abrNOC in Tehran. This discovery greatly implicates abrNOC as the actual hosting company behind Cloudzy. With high confidence, Halcyon assessed that Cloudzy is likely serving as a cutout for abrNOC, enabling the hosting company to operate discreetly.

The exposure of Cloudzy’s operations by Halcyon uncovers an extensive network of cyber threats, revealing the true depths of its involvement in supporting hacking groups globally. The potential violations of US sanctions raise concerns about the ability of rogue actors to circumvent international restrictions on cyber operations. The involvement of state-sponsored actors and sanctioned vendors emphasizes the significant international implications of this discovery.

This investigation reminds us of the crucial role cybersecurity research plays in unmasking and disrupting malicious activities. By shining a light on Cloudzy’s operations, Halcyon’s findings serve as a call to action for governments, cybersecurity organizations, and the global community to collaborate in countering such threats. Strengthened international cooperation and stringent regulatory measures are critical to mitigating these risks and protecting individuals, businesses, and nations from the pervasive threats posed by cybercriminal entities like Cloudzy.

Explore more

Can Stablecoins Balance Privacy and Crime Prevention?

The emergence of stablecoins in the cryptocurrency landscape has introduced a crucial dilemma between safeguarding user privacy and mitigating financial crime. Recent incidents involving Tether’s ability to freeze funds linked to illicit activities underscore the tension between these objectives. Amid these complexities, stablecoins continue to attract attention as both reliable transactional instruments and potential tools for crime prevention, prompting a

AI-Driven Payment Routing – Review

In a world where every business transaction relies heavily on speed and accuracy, AI-driven payment routing emerges as a groundbreaking solution. Designed to amplify global payment authorization rates, this technology optimizes transaction conversions and minimizes costs, catalyzing new dynamics in digital finance. By harnessing the prowess of artificial intelligence, the model leverages advanced analytics to choose the best acquirer paths,

How Are AI Agents Revolutionizing SME Finance Solutions?

Can AI agents reshape the financial landscape for small and medium-sized enterprises (SMEs) in such a short time that it seems almost overnight? Recent advancements suggest this is not just a possibility but a burgeoning reality. According to the latest reports, AI adoption in financial services has increased by 60% in recent years, highlighting a rapid transformation. Imagine an SME

Trend Analysis: Artificial Emotional Intelligence in CX

In the rapidly evolving landscape of customer engagement, one of the most groundbreaking innovations is artificial emotional intelligence (AEI), a subset of artificial intelligence (AI) designed to perceive and engage with human emotions. As businesses strive to deliver highly personalized and emotionally resonant experiences, the adoption of AEI transforms the customer service landscape, offering new opportunities for connection and differentiation.

Will Telemetry Data Boost Windows 11 Performance?

The Telemetry Question: Could It Be the Answer to PC Performance Woes? If your Windows 11 has left you questioning its performance, you’re not alone. Many users are somewhat disappointed by computers not performing as expected, leading to frustrations that linger even after upgrading from Windows 10. One proposed solution is Microsoft’s initiative to leverage telemetry data, an approach that