A new malicious practice is being called “infrastructure laundering,” where attackers exploit mainstream hosting providers such as Amazon Web Services (AWS) and Microsoft Azure. Researchers have linked the China-based Funnull content delivery network (CDN) to this practice. During infrastructure laundering, threat actors operate “hosting companies” who rent IP addresses from these mainstream providers, then mapping them to their criminal websites. The researchers discovered that Funnull CDN, a Chinese company, has been using this tactic to create a network of scam websites. The company has rented over 1,200 IPs from AWS and almost 200 IPs from Microsoft, continuing to acquire new IPs every few weeks. 

Read more: https://www.darkreading.com/cloud-security/chinese-infrastructure-laundering-abuses-aws-microsoft-cloud