An apparently innocuous cloud hosting provider may be fronting for an Iran-based company that provides command-and-control services to ransomware attackers, according to a report published this week by security consultant and anti-ransomware vendor Halcyon.
Cloudzy, the report said, is primarily a virtual private server provider, which accepts cryptocurrency as payment for its services. Halcyon said that it has identified a host of threat actors that have used the company’s services in the past, including APT groups with links to the Chinese, Iranian, North Korean and Russian governments, among others. Cloudzy has also provided services for a known spyware vendor and more than one criminal syndicate, Halcyion said.