
Lawrence S.

@lawrencesec.bsky.social

🇬🇧 Threat Research @ Recorded Future. I like tracking ASNs and ISPs for some reason...

85 Followers  |  187 Following  |  49 Posts  |  Joined: 10.03.2025  |  2.2731

Latest posts by lawrencesec.bsky.social on Bluesky

This is highly likely CrazyRDP :)

16.11.2025 19:58 — 👍 2    🔁 0    💬 0    📌 0
Thousands of servers seized in large-scale cybercrime investigation. In an investigation into a rogue hosting company, the Team Cybercrime Oost-Nederland seized thousands of servers. According to the police, the hosting company is used solely and exclusively ...

www.politie.nl/nieuws/2025/...

15.11.2025 12:10 — 👍 0    🔁 0    💬 0    📌 0
Operation Endgame 3.0 took down 1025 servers including CrazyRDP. Europol and Shadowserver have announced today that they have completed the "third phase" of the Endgame operation, targeting the infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium...

2/ ASNs believed to be utilised by CrazyRDP were reportedly downstream of aurologic….. lowendspirit.com/discussion/c...

15.11.2025 12:08 — 👍 0    🔁 0    💬 0    📌 0
Dutch police seize thousands of servers used for ransomware, child sex abuse footage The Dutch police seized thousands of servers in The Hague and Zoetermeer, used solely for hosting criminal activities. According to the police, the hosting company rented space to criminals to carry o...

1/ Reports indicating that CrazyRDP is the bulletproof hoster behind this seizure in the Netherlands. nltimes.nl/2025/11/14/d...

15.11.2025 12:07 — 👍 2    🔁 1    💬 1    📌 0

3/ metaspinner net GmbH (Hamburg, Germany) has no affiliation with #AS209800, Virtualine Technologies, or any related malicious activity associated with that network.

12.11.2025 21:52 — 👍 0    🔁 0    💬 0    📌 0

2/ A falsified RIPE end-user agreement provided to Insikt Group highlights how a basic verification check against publicly accessible company registration documents could have prevented the fraudulent registration.

12.11.2025 21:52 — 👍 0    🔁 0    💬 1    📌 0

1/ [UPDATE] As of November 10, 2025, metaspinner net GmbH has provided substantial evidence confirming Insikt Group’s original assessment that their identity was unlawfully and fraudulently used in the registration of #AS209800.

12.11.2025 21:51 — 👍 1    🔁 1    💬 1    📌 0
German ISP aurologic GmbH Identified as Key Hub for Malicious Hosting Infrastructure German hosting provider aurologic GmbH has emerged as a critical hub within the global malicious infrastructure ecosystem, according to recent intelligence reporting.

German ISP aurologic GmbH Identified as Key Hub for Malicious Hosting Infrastructure gbhackers.com/german-isp-a...

09.11.2025 15:24 — 👍 1    🔁 1    💬 0    📌 0
Malicious Infrastructure Finds Stability with aurologic GmbH

07.11.2025 11:24 — 👍 1    🔁 1    💬 0    📌 0
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure

08.11.2025 00:41 — 👍 2    🔁 3    💬 0    📌 0
Malicious Infrastructure Finds Stability with aurologic GmbH This investigative report reveals how German hosting provider aurologic GmbH has become a central enabler of malicious internet infrastructure, linking numerous threat activity networks while operatin...

10/ Dive into the full report “Malicious Infrastructure Finds Stability with Aurologic GmbH” for the data, analysis, and context behind this ecosystem: www.recordedfuture.com/research/mal...

06.11.2025 11:34 — 👍 3    🔁 0    💬 0    📌 0

9/ Aeza Group continues to rely on aurologic for a large share of its connectivity, announcing roughly half of its IP space, despite recent sanctions by the US and the UK.

06.11.2025 11:33 — 👍 4    🔁 0    💬 1    📌 0

8/ Femo IT Solutions was allocated a /24 prefix from a /17 network registered to the Iranian Research Organization for Science and Technology (IROST), the same origin seen in allocations to other TAEs such as Global Connectivity Solutions and Aeza Group.

06.11.2025 11:33 — 👍 3    🔁 1    💬 1    📌 0

7/ Femo IT Solutions Ltd #AS214351 is a UK-registered network with close operational ties to self-proclaimed bulletproof hoster “Defhost”, who offer “Germany-only” abuse-resilient services on underground forums.

06.11.2025 11:32 — 👍 2    🔁 0    💬 1    📌 0

6/ Virtualine Technologies is a Russia-linked TAE with operational ties to multiple organizations used to register and control IP space, masking ownership and maintaining operational control through networks like Railnet.

06.11.2025 11:32 — 👍 2    🔁 0    💬 1    📌 0

5/ Railnet’s elevated abuse levels followed the transfer of Metaspinner Net IP space to Lanedonet, networks assessed with high probability to have impersonated legitimate companies, under the control of actors tied to Virtualine Technologies.

06.11.2025 11:31 — 👍 2    🔁 0    💬 1    📌 0

4/ Railnet LLC #AS214943 is one of the largest sources of malicious infrastructure observed by Insikt Group, with over 80 validated C2 servers currently active on the network.

06.11.2025 11:31 — 👍 2    🔁 0    💬 1    📌 0

3/ Among the highest risk networks are: The recently sanctioned Aeza Group #AS210644, Railnet LLC #AS214943, Global-Data System IT Corp aka SWISSNETWORK02 #AS42624, and Femo IT Solutions #AS214351.

06.11.2025 11:30 — 👍 4    🔁 1    💬 1    📌 0

2/ RecordedFuture network intelligence identified persistent malicious infrastructure across more than 20 networks receiving upstream transit from aurologic, several of which are assessed with high probability to operate as Threat Activity Enablers (TAEs).

06.11.2025 11:30 — 👍 2    🔁 0    💬 1    📌 0

1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.

06.11.2025 11:30 — 👍 6    🔁 2    💬 1    📌 3
Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals. Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.

Recorded Future just published Dark Covenant 3.0, revealing how global crackdowns and shifting Russian enforcement are reshaping the cybercriminal underground, exposing ties to state actors and turning cybercrime into a geopolitical tool: www.recordedfuture.com/research/dar...

22.10.2025 14:26 — 👍 7    🔁 7    💬 0    📌 0

Great work by my colleague, @lawrencesec.bsky.social ! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇

21.10.2025 08:45 — 👍 5    🔁 1    💬 0    📌 0

Great opinion piece by my colleague @lawrencesec.bsky.social on an extremely timely and important topic!

21.10.2025 08:59 — 👍 2    🔁 2    💬 0    📌 0

🚨 My latest research for @bindinghook is out!

I explore how sanctions against #Aeza and #StarkIndustries reveal the limits of current policy, and how #ThreatActivityEnablers exploit RIR policy and company registration frameworks to maintain infrastructure and support ongoing cyber operations.

21.10.2025 08:53 — 👍 5    🔁 1    💬 0    📌 1
‘Neutral’ internet governance enables sanctions evasion. Internet service providers and hosting companies enable cybercrime and cyber operations. Why don’t sanctions stop them?

In his latest for Binding Hook, @lawrencesec.bsky.social looks at how internet service providers work within the system to evade sanctions and enable #cyberattacks and #disinformation campaigns: bindinghook.com/neutral-inte...

21.10.2025 07:19 — 👍 6    🔁 2    💬 0    📌 3
Why democracies need emotional resilience against surveillance Surveillance technologies have become central to democratic counterterrorism, reshaping how citizens relate to the state. By extending into everyday life, these tools not only promise protection but a...

#Surveillance has become central to #counterterrorism in democracies, but its spread into daily life raises a key question: how much monitoring can a free society absorb without losing trust? bindinghook.com/why-democrac...

16.10.2025 11:19 — 👍 1    🔁 1    💬 0    📌 0

👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET

01.10.2025 13:03 — 👍 4    🔁 4    💬 1    📌 0
RedNovember Targets Government, Defense, and Technology Organizations RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

24.09.2025 18:57 — 👍 21    🔁 14    💬 2    📌 0
Secret Service agents dismantle network that could shut down New York cellphone system Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.

1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.

23.09.2025 18:49 — 👍 367    🔁 181    💬 10    📌 39
