Multiple threat actors, including cybercrime groups and nation-state crews, leverage services offered by an obscure Iranian company called Cloudzy (https://cloudzy.com). Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran, in possible violation of US sanctions, under the direction of someone named Hassan Nozari. The company acts as a command-and-control provider (C2P), which provides attackers with Remote Desktop Protocol (RDP) virtual private s
ransomware-as-a-service (raas) (2)
This week, Rust-based file-encrypting ransomware was found to be impersonating the cybersecurity firm Sophos (https://www.sophos.com) as part of its operation. Named 'SophosEncrypt', the malware is being offered under the Ransomware-as-a-Service (RaaS) business model and appears to have already been used in malicious attacks. After several security researchers warned of the new RaaS, Sophos said it was aware of the brand's impersonation and was investigating the threat.
See: https:/