Infrastructure Laundering: Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech
Jan. 31, 2025, 2:07 p.m.
Description
This article unveils the practice of 'infrastructure laundering' by cybercriminals, specifically focusing on the FUNNULL content delivery network. The investigation reveals that FUNNULL has been renting IP addresses from major cloud providers like Amazon Web Services and Microsoft Azure, using these to host malicious websites involved in retail phishing, investment scams, and money laundering. Despite efforts by cloud providers to ban these IPs, FUNNULL continually acquires new ones, likely through fraudulent means. The research highlights the challenges faced by cloud providers in detecting and preventing this abuse in real-time, raising questions about the effectiveness of current security measures and the responsibilities of hosting companies in combating such sophisticated criminal activities.
Date
- Created: Jan. 31, 2025, 1:44 p.m.
- Published: Jan. 31, 2025, 1:44 p.m.
- Modified: Jan. 31, 2025, 2:07 p.m.
Indicators
Attack Patterns
- FUNNULL
- T1594
- T1606
- T1585
- T1589
- T1586
- T1608
- T1583
- T1590
- T1592
- T1584
Additional Information
- Retail
- Technology
- Finance
- United States of America