Malicious Infrastructure Finds Stability with aurologic GmbH
Essential information
- Published: 06/11/2025 18:51
- Modified: 06/11/2025 20:34
- Tags: 2025-11-06 abuse amadey asyncrat aurologic aurotun bianlian castleloader castlerat cobalt strike cybercrime dark crystal rat darkcomet dcrat destiny stealer disinformation hosting infrastructure latrodectus lumma meduza stealer moobot neutrality phorpiex quasarrat redline stealer remcos rat rhadamanthys stealer risepro stealer sanctions sliver stealc svcstealer systembc thc hydra tinyloader transit upstream vidar
- Related entities: 23 observables, 10 techniques (MITRE), 8 others
Description
German hosting provider aurologic GmbH has become a central hub for high-risk hosting networks, providing upstream transit to multiple threat activity enablers. These include sanctioned entities like Aeza Group and other providers associated with cybercrime and disinformation campaigns. aurologic's continued service to these networks, despite public scrutiny and sanctions, raises questions about the line between neutrality and negligence in internet infrastructure. The company's reactive abuse handling and reliance on legal compliance over proactive risk management have allowed malicious actors to maintain operational stability. This case highlights broader challenges in accountability within the hosting ecosystem and the need for upstream providers to take greater responsibility in preventing infrastructure abuse.