
Infrastructure Laundering: Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech

· Published 31/01/2025 13:44 · Modified 31/01/2025 14:07

Essential information

Published: 31/01/2025 13:44
Modified: 31/01/2025 14:07
Tags: 2025-01-31, infrastructure laundering, phishing
Related entities: 9 observables, 1 intrusion sets (apt), 10 techniques (mitre), 4 others

Description

This article unveils the practice of 'infrastructure laundering' by cybercriminals, specifically focusing on the FUNNULL content delivery network. The investigation reveals that FUNNULL has been renting IP addresses from major cloud providers like Amazon Web Services and Microsoft Azure, using these to host malicious websites involved in retail phishing, investment scams, and money laundering. Despite efforts by cloud providers to ban these IPs, FUNNULL continually acquires new ones, likely through fraudulent means. The research highlights the challenges faced by cloud providers in detecting and preventing this abuse in real-time, raising questions about the effectiveness of current security measures and the responsibilities of hosting companies in combating such sophisticated criminal activities.

External references