Aurologic accused of being a major actor in enabling cybercrime
In a new report, Insikt Group accuses our very own LET Patron Provider Aurologic of taking part in:
- Enabling sanctioned entities: Continuing to provide upstream connectivity to Aeza International Ltd despite US and UK sanctions
- Complicity over negligence: Operating as a central hub for numerous "threat activity enablers" (TAEs) and bulletproof hosting providers, with the report questioning whether this represents willful complicity rather than mere negligence
- Fraudulent registrations: Providing upstream connectivity to fraudulently registered networks that used stolen identities of legitimate companies (metaspinner, Lanedo, VSVK)
- Systematic inaction: Maintaining a purely reactive, legally-minimal approach to abuse complaints while high concentrations of malicious infrastructure (malware C2 servers, ransomware, infostealers, disinformation campaigns) persist on downstream networks
- Creating a safe haven: The report suggests aurologic's "neutrality" stance and limited enforcement effectively makes it an attractive, stable upstream provider for cybercriminals, with CEO Joseph Hofmann's own statements ("I can kick everyone out, but then at some point I won't make any sales") suggesting business considerations override security concerns
Obviously, rely on the full report and not my quickly summarized bullet points. They're best effort and just my understanding of accusations. Not meant to be taken as facts.
Full report here: https://www.recordedfuture.com/research/malicious-infrastructure-finds-stability-with-aurologic-gmbh
This discussion has been closed.


Comments
Aeza mentioned 🔥
not surprised
@jh_aurologic
In other news, water is wet.
LET Patron Provider approval review department a bit busy past year
I thought they only verify the receipt of the patron provider tag payment, no?
Sources say they're very diligent
Confirm, new questionnaire is harder than applying for bank account
Do you serve as a safe haven for sanctioned Russian businesses and businesses using false identities?
Maybe
Ok looks good to me
You ask wrong questions, proper questions are how many clients and social media links
Wow insane scrutiny
well i never
Again or still? I'm pretty sure there had already been a discussion on this topic months ago!?
What’s the difference
Anyway the news isn’t that they’ve recently started doing this, the news is the report
I guess we’ll see how @jbiloh and LET react to this, everything is quite well summarized in the report
Where to bet nothing will change?
fuck bro i want to share my food with @jh_aurologic
1.003 odds
We did not share our food.
Finally, a host for my boatnet. Are they unsinkable too?
Wake up babe, LET's one and only @mw is in the report!

In other words: they focus on accusing the enemy of the US-Americans and Brits.
Now, where are they located? In London and in Somerville MA. What a coincidence!
And what do they try to do with their "report"? They try to accuse someone (AEZA) in Russia by attacking someone somehow having any kind of connection with said Russian entity.
Wow, how (not at all) surprising!
As far as I know aurologic/ @jh_aurologic offers a quite decent DDoS protection plus probably some other services as well. And that's all we really need to know here.
P.S. Of bloody course they use AI ...
Hello @jsg please don’t feel the need to continue participating in this thread
Don't worry! It's not a need but a desire, the desire to laugh.
No selling needs no tag.
Yeah I pinned you as someone with a desperate desire to laugh as well.
I can say they're not the least spammy network. For certain I can say that the ham to spam ratio from their network is such that there's virtually no reason to accept mail from it. But, to be frank (that's my new name), 10 spam and 0 ham is enough to say the same thing.
There are a fair number of likely spam indicators available in places like this: https://bgp.he.net/net/152.89.244.0/22#_dnsrecords
Especially the mail.{facerollonkeyboard} records.
the original version listed me as regularly representing aeza lol
thankfully the author is a mutual on X dot com and quickly corrected it
Mind sharing their contact?