
Ongoing Threat Hidden in Plain Sight
A shocking new report from Silent Push Threat Analysts has unveiled that major Western tech companies—such as Amazon, Microsoft, and Meta—are still unknowingly hosting accounts tied to Lizhi Liu, the administrator of the now-sanctioned content delivery network (CDN) FUNNULL. Despite being blacklisted by the U.S. Treasury in May 2025 for facilitating cybercrime, Liu appears to maintain an active digital footprint across key platforms like Facebook, GitHub, LinkedIn, and even PayPal. FUNNULL has been identified as a central infrastructure hub for a wave of digital fraud targeting American investors, linking the CDN directly to over $200 million in scams. This has raised alarm bells in Washington and among cybersecurity professionals, who now question the tech industry’s slow and inconsistent response to national security threats.
Web of Scams Enabled by Legitimate Platforms
Silent Push’s comprehensive investigation outlines how FUNNULL has evolved into a powerful enabler of virtual currency investment scams—commonly known as “pig butchering” schemes—that swindle individuals out of life savings, with average reported losses hitting $150,000 per person. These scams, often disguised as legitimate crypto ventures, are hosted via FUNNULL and deeply embedded within Western cloud infrastructures, thanks to a strategy Silent Push calls “Infrastructure Laundering.” This allows threat actors to hide in plain sight, leveraging reputable services like Amazon Web Services and Microsoft Azure to run fraudulent operations undetected.
The report, aptly titled Unveiling Triad Nexus: How FUNNULL CDN Facilitates Widespread Cyber Threats, implicates a broader network—nicknamed the “Triad Nexus”—that uses Liu’s CDN expertise as a technical backbone for these crimes. Although Liu may not be the mastermind behind the financial schemes, his role as a facilitator is critical. Silent Push’s data shows he’s been active online since at least 2010, with traces of anti-Western commentary scattered across his blogs and social media accounts.
Despite being sanctioned, Liu’s activity hasn’t stopped. In June 2025, he was still updating his Facebook group focused on tourism in Ganzhou, China. He also maintains active developer accounts on GitHub, where projects like “GunDNS” suggest a prototype stage for FUNNULL’s infrastructure. Liu’s accounts stretch far beyond development circles—his images remain publicly accessible on Flickr and DeviantArt, and his long-used email address has shown up in several data breaches.
Interestingly, while Google has taken steps to remove
Perhaps even more concerning is FUNNULL’s link to the cryptocurrency laundering ecosystem. Chainalysis data has revealed direct financial ties between FUNNULL and Huione Pay, a crypto payments platform already flagged by FinCEN for its association with illicit money laundering. This intersection of technical infrastructure and shady financial operations points to a systemic vulnerability in global cybersecurity and compliance.
Silent Push urges companies to adopt proactive threat-monitoring tools, such as its Community Edition, to identify and neutralize FUNNULL-associated risks. The firm continues to investigate the Triad Nexus in an effort to dismantle the threat before it evolves further. For now, the burden rests heavily on cloud service providers and platforms to act swiftly—and in unity—before the damage escalates even further.
What Undercode Say:
The Quiet Evolution of Cybercrime Infrastructure
The real story here isn’t just that Lizhi Liu is operating under sanctions—it’s how Western tech companies have allowed a foreign actor, flagged by both the U.S. Treasury and the FBI, to exploit their platforms with little resistance. This case illustrates how cybercriminal infrastructure has moved beyond dark web hideouts and into the very architecture of the internet economy. Liu’s use of “Infrastructure Laundering” shows a deep understanding of Western compliance blind spots. By hiding malicious operations within trusted cloud services, he’s evaded detection while maximizing reach.
Failure in Sanctions Enforcement
Sanctions are only as strong as the enforcement behind them. This case exposes glaring gaps in compliance among U.S.-based platforms. While Google deserves credit for removing Liu’s YouTube presence, Microsoft, Meta, and others have allowed his accounts to persist—either out of negligence or an unwillingness to act without clear legal consequences. This sends the wrong message: that sanctioned individuals can simply hop platforms and carry on.
The Developer Persona as a Shield
Liu’s digital persona—part open-source developer, part lifestyle blogger—is more than a cover story. It’s a well-crafted identity that blends legitimate interests with covert activity. By maintaining public GitHub repositories, fashion-related blogs, and community groups, Liu avoids fitting the traditional hacker profile. This multifaceted image helps him maintain platform access and community goodwill while quietly enabling criminal activity.
Cryptocurrency as a Smokescreen
The linkage between FUNNULL and Huione Pay adds another layer of complexity. Blockchain, once lauded for transparency, is being weaponized for obfuscation. Scammers exploit decentralized finance to convert stolen funds into hard-to-trace digital assets. Liu’s CDN acts as a gateway for these operations, feeding a pipeline that supports criminal finance on a global scale.
A Weak Chain of Accountability
This issue also raises questions about corporate responsibility. Many tech giants claim to prioritize safety and compliance, yet their inaction in this case tells a different story. It reveals how fragmented internal policies and jurisdictional uncertainties can give sanctioned individuals ample room to maneuver. Without a unified enforcement mechanism or industry-wide protocol, the next Liu could slip through even more easily.
Implications for Future Threat Vectors
FUNNULL’s model is scalable and repeatable. If Liu is using these techniques, others likely are too. Expect more CDNs to be weaponized in similar ways, especially as cybercriminals continue to adopt enterprise-grade infrastructure. As a result, companies must think beyond firewalls and focus on the underlying architecture of trust that cybercriminals are now targeting.
Lessons for Tech Policy and Regulation
The key takeaway is that regulatory tools like sanctions require digital teeth. Sanction enforcement must include clearer directives for platform compliance, automated detection systems for flagged entities, and real-time auditing capabilities. Until then, sanctioned operators like Liu will continue to operate comfortably within the very systems meant to contain them.
Time to Rethink Threat Detection
Traditional IP-based blacklisting is outdated. As FUNNULL has shown, infrastructure laundering allows threat actors to bypass those measures effortlessly. The future of cybersecurity lies in behavior-based analysis, pattern recognition, and advanced AI threat modeling. Companies that fail to upgrade will remain vulnerable—and complicit.
🔍 Fact Checker Results:
✅ Liu and FUNNULL were officially sanctioned by the U.S. Treasury in May 2025
✅ Google has removed Liu’s YouTube channel, but other platforms still host his accounts
✅ Chainalysis confirmed cryptocurrency laundering links between FUNNULL and Huione Pay
📊 Prediction:
If major cloud providers and platforms fail to enforce U.S. sanctions rigorously, we will likely see a surge in infrastructure-based cybercrime. More CDN-like services will emerge, exploiting the same loopholes FUNNULL used. Expect a regulatory crackdown within 12–18 months, possibly requiring platforms to integrate automated sanctions compliance tools.
References:
Reported By: cyberpress.org




