In a report a cybersecurity company claimed that a mysterious cloud service provider has been giving state-sponsored hackers access to the internet so they can extort from and spy on their victims.
Researchers at the Texas-based Halcyon said that a company called Cloudzy had been renting server space and reselling it to no fewer than 17 distinct state-sponsored hacking outfits from countries such as China, Russia, Iran, North Korea, India, Pakistan, and Vietnam. Hannan Nozari, CEO of Cloudzy, rejected Halcyon’s analysis and asserted that his company couldn’t be held accountable for its clients, of whom he believed only 2% were intentionally malicious.
Nozari asked Reuters during a conversation on LinkedIn: “If you are a knife factory, are you liable if someone misuses the knife? Believe me when I say that I detest those criminals and that we are doing all in our power to eliminate them. Online security experts claim that the incident exemplifies how ransomware and hacker groups take advantage of small businesses operating on the outskirts of cyberspace to execute major breaches. Halcyon calculated that nearly 50% of Cloudzy’s operation was illegal, including providing services to two ransomware organizations. Before the report was released, Halcyon executive Ryan Golden claimed, “It’s a rogues’ gallery on that through one provider.”
Halcyon arrived at its findings by following Cloudzy’s online trail, which involved renting servers directly from the company and connecting it to known hacking operations. Notably, the cybersecurity firm CrowdStrike, which was not involved in the investigation, asserted that they have not encountered any evidence of state-sponsored hackers employing Cloudzy. But it had observed other online criminal activities linked to it. Unknown is the location of Cloudzy’s headquarters. Cloudzy is “very probably” a front for another internet hosting company called abrNOC, which Nozari manages from Tehran, according to Halcyon researchers who examined the social media posts made by Cloudzy’s workers on LinkedIn and Facebook.
Although he acknowledged that abrNOC workers assisted with Cloudzy’s operations, Nozari, who claims to reside outside of Iran but would not be more precise, told Reuters that the two firms are distinct. He gave no other information. According to business records examined by Reuters and confirmed by Nozari, Cloudzy is registered under its former name, RouterHosting, in both Cyprus and the US state of Wyoming. He said that to register internet protocol addresses in the US, the business needed a US domicile. CloudPeak Law, a Wyoming law firm located in the small town of Sheridan and representing Nozari as its registered agent, is unsure about their client’s knowledge regarding the allegations made against them.
The person who answered the phone at CloudPeak Law’s office confirmed that her company was RouterHosting’s agent but added that, due to client confidentiality, “that is the extent of what anyone in our business is going to be able to tell you.” Nevertheless, the company did not respond to a later email.
As per Adam Meyers, an executive at CrowdStrike, Cloudzy’s approach to business follows the pattern commonly seen among numerous small virtual private server providers. They provide web hosting services in return for cryptocurrencies, without requiring thorough investigations or verification processes. He continued, “There’s a whole ecosystem of ne’er-do-well kind of people involved in this business.”
