Security researchers claim virtual server provider Cloudzy has been providing internet services to aid state-affiliated hackers in their espionage endeavors. The report found the VSP company had been leasing server space to resell to 17 hacking groups spanning the globe.
This includes groups tied to Chinese, Iranian, North Korean, Russian, Indian, Pakistani and Vietnamese governments. According to the report, between 40 and 60 percent of Cloudzy’s client base are entities potentially engaging in malicious activities.
Halcyon arrived at this conclusion through an investigation into Cloudzy’s online presence, involving the direct rental of servers from the cloud service provider. The researchers established a connection between Cloudzy and well-known cyber operations linked to state-sponsored groups.
Cloudzy CEO Hannan Nozari disputed the claim in a LinkedIn exchange with Reuters, saying that the company is not responsible for its clients’ actions. Nozari followed up by saying that the company has found only an estimated 2% of its business to be malicious.
The report also identified Cloudzy as one of the common service providers supporting ransomware attacks. Halcyon also presented evidence that Cloudzy is likely operating out of Tehran, Iran. Because the company is incorporated in the US, operating in Iran violates US sanctions.
Halcyon has brought attention to this case as an example of how hackers leverage small companies operating on the outskirts of cyberspace to carry out large hacks.