A web hosting provider’s servers ended up used in a series of targeted attacks by advanced persistent threats (APT) since early 2015, researchers said.
Registration for the small Virtual Private Server (VPS) hosting company is in Dubai, United Arab Emirates (UAE), but it has servers in the Netherlands and Romania, said researchers at Trend Micro.
Over the past year, the company’s servers ended up used in more than 100 “serious” cyber attacks, said Feike Hacquebord, senior threat researcher at Trend Micro in a blog post.
Pawn Storm group took advantage of the hosting provider’s servers for at least 80 high profile attacks against governments in Bulgaria, Greece, Malaysia, Montenegro, Poland, Qatar, Romania, Saudi Arabia, Turkey, Ukraine, United States, and UAE. The Pawn Storm group also used the VPS hosting provider for C&C servers, exploit sites, spear-phishing campaigns, domestic espionage in Russia, and free Webmail phishing sites targeting high profile users.
As it turns out, the VPS provider is sees use from attackers such as DustySky (also known as the Gaza hackers, targeting Israel, other Middle Eastern countries, and companies who do business in Israel and Egypt) to host their command-and-control (C&C) servers and to send spear phishing emails. The provider also hosted a C&C server from the Carbanak banking malware in 2014.