Summary: Researchers have identified a malicious practice called “infrastructure laundering” linked to the China-based Funnull CDN, which exploits mainstream hosting providers to facilitate cybercrime. While AWS and Microsoft Azure are actively suspending fraudulent accounts, the quick cycle of IP acquisition by Funnull complicates detection and prevention efforts. The CDN has hosted a substantial number of scam websites that engage in investment fraud and money laundering activities, posing challenges for legitimate users and hosting providers alike.
Affected: Funnull CDN, Amazon Web Services (AWS), Microsoft Azure
Keypoints :
- Infrastructure laundering involves renting IPs from legitimate providers to host criminal websites.
- Funnull CDN has been linked to over 200,000 hostnames tied to scams, including fake trading platforms.
- Experts recommend reviewing cloud accounts and employing multifactor authentication to prevent account takeovers by threat actors.