Today, Silent Push announced that its threat analysts have discovered threat actors enabled by mainstream cloud providers, including Amazon Web Services (AWS) and Microsoft Azure.
New details uncovered in the course of this reporting indicate that FUNNULL is likely using fraudulent or stolen accounts to acquire these IPs to map to their CNAMEs, and providers we have spoken to claim this wasn’t caught in real time due to visibility holes from the technical complexity of their DNS architecture.
Additional key findings include:
- FUNNULL has rented over 1,200 IPs from Amazon and nearly 200 from Microsoft. Although most IPs have been taken down, new ones are acquired every few weeks.
- There are indications of FUNNULL illicitly acquiring the IPs using stolen or fraudulent accounts. However, external visibility into this process is limited.
- Money laundering is directly associated with a service hosted on shell websites, retail phishing schemes, and pig-butchering scams being kept online via infrastructure laundering.
This is now live at https://www.silentpush.com/blog/infrastructure-laundering/.
This entry was posted on January 30, 2025 at 12:51 pm and is filed under Commentary with tags Silent Push.
New Research Exposes FUNNULL CDN Renting IPs from Big Tech Like AWS & MSFT for Laundering