
The mainstream media has been reporting that a phishing campaign in which scammers impersonate Hydro-Québec to commit fraud is "associated with the Iranian state."
That makes a better headline given the current conflict with Iran, but at this time, tying this specific incident to the Iranian government looks like a significant stretch.
In the Hydro-Québec case, the Iranian link rests on researchers tracing the scam to Cloudzy infrastructure. What isn't being highlighted is that Cloudzy has also been used by over a dozen other state-sponsored actors (including Chinese, Russian, and North Korean groups) and countless ordinary criminals, because the company requires only an email address to sign up and accepts cryptocurrency, which allows near-total anonymity. A shared hosting provider is a weak attribution signal on its own: when a provider's customer base spans that many unrelated actors, the provider points to no one in particular, and attribution has to come from the tradecraft, tooling, and targeting of the campaign itself.
While Cloudzy's CEO has ties to Iran and the Iranian state has likely used its infrastructure in the past, that doesn't automatically make every activity on this dubious network state-sponsored. Cloudzy is widely known in the cybersecurity community as a "command-and-control provider" (C2P) that deliberately facilitates ransomware, phishing, and financial fraud worldwide by offering anonymous hosting with virtually no oversight and little or no response to abuse complaints.
True Iranian state-sponsored actors like Handala and Nasir Security are engaging in destructive and disruptive cyberattacks, such as widespread data wiping and infrastructure sabotage, while this incident aligns far more closely with simple criminal fraud.
https://cyberagroup.com/