Analysis

The U.S. Treasury Department has imposed economic sanctions on Funnull Technology Inc. and its administrator, Liu Lizhi, for providing essential computer infrastructure that enabled "pig butchering" virtual currency investment scams, leading to over $200 million in U.S. victim-reported losses. Funnull operated as a criminal content delivery network, routing illicit traffic through U.S.-based cloud providers, including Amazon Web Services (AWS) and Microsoft Azure. While Microsoft reportedly succeeded in removing Funnull's malicious infrastructure from its networks following a January 2025 KrebsOnSecurity report based on Silent Push research, Amazon continues to face challenges in effectively eliminating Funnull servers, some of which have persisted since 2023, drawing criticism for its perceived inadequate response despite claims of actively countering abuse. This situation underscores the persistent exploitation of U.S. cloud infrastructure by cybercriminals due to the reluctance of organizations to block traffic from these major networks and the advantages of using geographically proximate U.S. IP addresses. The sanctions on Funnull, and similar EU sanctions on entities like Stark Industries Solutions for facilitating Russian cyber activities, highlight a growing regulatory focus on disrupting the infrastructure supporting cybercrime and state-sponsored malicious online operations, which presents ongoing operational and reputational considerations for major cloud service providers.