According to researchers, a cloud hosting service based in the United States has been accused of enabling state-sponsored cyberattacks

Researchers at cybersecurity company Halcyon have reported that a relatively unknown U.S.-registered cloud company called Cloudzy has been providing web hosting and internet services to over two dozen state-sponsored hacking groups and commercial spyware operators. The researchers found that Cloudzy was knowingly or unknowingly acting as a command-and-control provider (C2P) for these hacking groups. C2Ps are internet providers that enable hackers to host virtual private servers and other anonymous services used in cyberattacks and extortion.

Among the state-sponsored hacking groups that rely on Cloudzy are APT10 (backed by China), Kimsuky (backed by North Korea), Turla, Nobelium, and FIN12 (backed by Russia). FIN12 was involved in a series of ransomware attacks targeting the U.S. healthcare industry in 2020.

Cloudzy was also found to be hosting servers used by hacking groups from Iran, Pakistan, and Vietnam, as well as a Tel Aviv-based malware maker called Candiru, which sells spyware to government customers. Candiru was sanctioned by the U.S. government in 2021 for activities contrary to U.S. national security.

Halcyon believes that Cloudzy is likely acting as a front for AbrNOC, a cloud host operating out of Tehran, Iran, potentially putting American customers in conflict with U.S. government sanctions.

Although Cloudzy claims that it does not allow illegal activities on its service, Halcyon found that about half of the servers hosted by the company were directly supporting malicious activities. The cloud host markets itself in a way that appeals not only to privacy enthusiasts but also to threat actors. Signing up requires only a working email address and an anonymous cryptocurrency payment, and the company supports Monero in particular, a privacy coin favored by hackers.

Additionally, Cloudzy's website contains conflicting statements regarding illegal activities: it states that such actions will lead to immediate termination, while also suggesting that bad actors could potentially continue using its services after paying a nominal fine.


Sahiba

Contributing writer at SaveDelete, specializing in technology and innovation.
