Under Attack?

Cyber Criminals Burnt in Massive Data Centre Fire

March 16, 2021

OVHcloud fire knocks out Iranian hackers

The OVHcloud fire: Credit: Bas-Rhin departmental fire and rescue service

Cyber criminals and government spies were among the millions of people who found their websites and online infrastructure offline after a massive fire at the OVHcloud data centre this week.

A large but untold numbers of phishing sites went dark and control of infected computers was lost as fire engulfed a wing of the OVHcloud data centre based in Strasbourg, France, reducing the facility to rubble, damaging another, and resulting in unrecoverable data loss for customers.

Some 3.6 million mostly French websites including banks, email services, government, and businesses went offline as a result of the fire. No one was harmed in the blaze.

OVHcloud, which was a week away from filing an initial public offering on the Paris stock exchange, said it would be transparent about the cause of the fire and praised emergency service personnel.

The cloud provider was founded in 1999 and is Europe’s largest, but is well-known in the cyber security industry for housing cybercrime infrastructure in its data centres.

Experts say the company has been reluctant to remove cybercrime infrastructure reported by security researchers, making it a popular choice for criminals and government cyber spies.

Costin Raiu, veteran cybercrime researcher with Russian security firm Kaspersky, said his team had been tracking 140 command-and-control servers, the controls through which cybercrime operations are orchestrated, at the OVHCloud data centre.

Of those, 50 were sent offline as a result of the fire.

Cyber criminals often lose access to their networks of infected computers when their command-and-control servers go offline while government spies may lose important tools and means of access.

Iranian government hacking groups Charming Kitten, Bahamut, and APT39 had their operations disrupted by the OVHcloud fire, as did Vietnam hacking outfit OceanLotus, known to target dissidents in the region, including in Australia.

It is likely the disruption will be short-lived while operators set up shop with other cloud providers

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.