Zainhosting

ZainHosting, a Pakistani web hosting services provider, has been identified as a significant threat actor in the cybersecurity landscape. The company is believed to be involved in operating malicious infrastructure for Transparent Tribe, a notorious cyber-espionage group. Three sets of domains—the malicious Transparent Tribe infrastructure, vebhost[.]com, and zainhosting[.]net/com—are evidently interrelated, with ZainHosting owning and managing the harmful infrastructure. This connection was established through various investigative methods, including the discovery of ZainHosting's name servers being used by vebhost[.]com. With a high degree of confidence, we assess that ZainHosting is not an isolated entity but one among many infrastructure contractors employed by Transparent Tribe. The company's role appears to involve deploying and managing parts of Transparent Tribe's infrastructure used in their campaigns. However, it should be noted that the full extent of ZainHosting's involvement within the Transparent Tribe organization remains unclear. ZainHosting's presence dates back to at least 2010, as evidenced by a webpage from that year listing rupees001[at]gmail[.]com as a contact address. The company continues to be active and heavily advertises its services on Facebook. Despite these public-facing activities, the underlying malicious actions tied to ZainHosting pose a substantial risk, necessitating further investigation and appropriate countermeasures.