Author | Lightnews

Zach Edwards @thezedwards.bsky.social · 11d

fun to see my mom in this crowd shot from the No Kings rally in Houston featured by the Houston Chronicle @ www.houstonchronicle.com/projects/202...

Large crowd of people at the No Kings rally in Houston, includes signs and flags and a blue and red and white umbrella and several inflatable frogs

1 14

Zach Edwards @thezedwards.bsky.social · Sep 19

Has anyone ever successfully received data from a personal Yandex data access request? Essentially receiving what data they collect on you as required under a bunch of privacy laws?

2

Zach Edwards @thezedwards.bsky.social · Sep 9

appreciate the link!

1

Zach Edwards @thezedwards.bsky.social · Sep 9

fwiw it was formerly owned by Elizabeth Wurtzel

Zach Edwards @thezedwards.bsky.social · Sep 9

It's possible but really no clue - got it at an estate sale from another author

2

Zach Edwards @thezedwards.bsky.social · Sep 9

I’ve got this 100+ year old copy of an old play about Abraham Lincoln’s life which was owned by someone named Alden Nash who had an interesting personal emblem that he screen printed & glued onto the cover page.

The play was shown at the Birmingham Repertory Theatre then the Hammersmith Playhouse.📚

Picture of a light blue book cover with a drawing of Abraham Lincoln and the text “Abraham Lincoln A Play By John Drinkwater”

A book page with a large black box glued to it with a white border in the box - the text says “ExLibris Alden Nash” and there is a strange symbol in the middle which appears to be the personal emblem of this Nash individual. The symbol has a double cross on top of a circle with a N in part of the circle. The circle is split by a horizontal line and part of the vertical line of the cross above.

3 21

Zach Edwards @thezedwards.bsky.social · Aug 6

cheers thanks very much!! 🖖

3

Zach Edwards @thezedwards.bsky.social · Aug 6

Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ www.silentpush.com/blog/socghol... 🖖🏻

Mind map of SocGholish (Operated by TA56) infection chains. The details are complex but explained in more detail on our blog post.

5 11

Zach Edwards @thezedwards.bsky.social · Jul 22

Congrats! Very well deserved. 🖖🏻

3

Zach Edwards @thezedwards.bsky.social · Jul 3

Our team looks forward to providing updates on the FUNNULL CDN and the owner over the coming weeks and months. This network isn’t done and much stronger efforts need to be taken in the U.S. by a wide range of companies to deal w/ this ongoing persistent threat out of China. 🖖

Zach Edwards @thezedwards.bsky.social · Jul 3

I’ve got my own personal non-lawyer opinions (seems quite risky to host accounts for the owner of the largest CDN hosting scams targeting Americans), but I gotta assume that this is complex and there is currently a grey area that the U.S. Treasury needs to clarify.

1 1

Zach Edwards @thezedwards.bsky.social · Jul 3

It seems clear that serious enterprise lawyers from major tech companies may not agree on what U.S. Treasury sanctions require them to do when an individual is sanctioned who has accounts on their service.

1 1

Zach Edwards @thezedwards.bsky.social · Jul 3

Our research confirmed Lizhi still has active accounts on services including:
Twitter
GitHub
LinkedIn
Facebook
Google Code / Google Groups
Medium
PayPal
WordPress
HuggingFace
Gravatar / WordPress
Vercel
Deviant Art / Wix
Flickr / SmugMug
About Me / Vendasta
Tawk[.]to

1 1

Zach Edwards @thezedwards.bsky.social · Jul 3

Krebs put it nicely in his piece, “However, as Mr. Lizhi’s case makes clear, just because someone is sanctioned doesn’t necessarily mean big tech companies are going to suspend their online accounts.”

1

Zach Edwards @thezedwards.bsky.social · Jul 3

Do U.S. Treasury sanctions really have no teeth to require companies to ban accounts?

In this publishing process, we learned that different enterprise companies currently have different interpretations of what U.S. Treasury Sanctions / SDN processes require.

1

Zach Edwards @thezedwards.bsky.social · Jul 3

FUNNULL hosted websites have caused over $200 million in losses to U.S. victims, with an average loss of $150,000 per individual.

And yet the FUNNULL admin, who was also directly sanctioned, still has dozens of accounts on various Western enterprise services. So what gives?

1

Zach Edwards @thezedwards.bsky.social · Jul 3

FUNNULL CDN and the admin Liu Lizhi (aka Steve / Steven Lizihi) were both sanctioned by the U.S. Treasury in May 2025 – and in the announcement it was noted that “Funnull is linked to the majority of virtual currency investment scam websites reported to the FBI.”

1

Zach Edwards @thezedwards.bsky.social · Jul 3

Read @briankrebs.infosec.exchange.ap.brid.gy report @ "Big Tech’s Mixed Response to U.S. Treasury Sanctions" @ krebsonsecurity.com/2025/07/big-...

Big Tech’s Mixed Response to U.S. Treasury Sanctions

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a m...

krebsonsecurity.com

1

Zach Edwards @thezedwards.bsky.social · Jul 3

We found tons of interesting details including some anti-American and anti-Japanese statements on his personal blog.

Brian Krebs was also able to cover the research and helped to engage the enterprise organizations who are still hosting his accounts.

1

Zach Edwards @thezedwards.bsky.social · Jul 3

Our SP piece can be viewed @ "Numerous Western Companies May Still Need to Ban FUNNULL Admin Accounts to Comply with U.S. Treasury Sanctions" @ www.silentpush.com/blog/funnull...

Numerous Western Companies May Still Need to Ban FUNNULL Admin Accounts to Comply with U.S. Treasury Sanctions

Numerous western companies may still need to ban FUNNULL Admin accounts to comply with U.S. Treasury Sanctions.

www.silentpush.com

1 1

Zach Edwards @thezedwards.bsky.social · Jul 3

If I’ve been quiet you know I’m cooking up some fire research!

Our team at @silentpush.bsky.social is out today with a big report about the admin / owner of the FUNNULL CDN – essentially a dox of all his accounts and activities on the internet for the last 15+ years.

1 1 4

Zach Edwards @thezedwards.bsky.social · May 29

"Funnull had direct exposure to Huione Pay, for which the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued a finding and notice of proposed rulemaking (NPRM) identifying it as a primary money laundering concern" 👀

Chainalysis @chainalysis1.bsky.social · May 29

🚨Today, OFAC sanctioned Philippines-based tech firm, Funnull Technology Inc., and its administrator Liu Lizhi for their roles in facilitating crypto investment scams, commonly known as pig butchering. Read our blog to learn more: www.chainalysis.com/blog/ofac-sa...

2

Reposted by Zach Edwards

Catalin Cimpanu @campuscodi.risky.biz · May 29

More on Funnull in this Silent Push report from January: www.silentpush.com/blog/infrast...

These are also Funnull IPs and domains: bsky.app/profile/camp...

Catalin Cimpanu @campuscodi.risky.biz · May 29

The FBI has released pages of IOCs related to cyber scam infrastructure that has been active between October 2023 and April 2025

PDF: www.ic3.gov/CSA/2025/250...

3 4

Reposted by Zach Edwards

Lorenzo Franceschi-Bicchierai @lorenzofb.bsky.social · May 29

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator.

FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

US government sanctions tech company involved in cyber scams | TechCrunch

The Treasury said FUNNULL was involved in providing infrastructure for pig butchering crypto scams.

techcrunch.com

5 13

Zach Edwards @thezedwards.bsky.social · May 29

In case you aren't familiar with Infrastructure Laundering, it's the new fad for Chinese threat actors trying to keep their infrastructure online. It's Bulletproof Hosts but through major legit providers, getting online by ~stealing accounts through illicit means. www.silentpush.com/blog/infrast...

Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech

Infrastructure Laundering is a criminal practice of intermediaries enabling threat actors to hide infrastructure with major cloud providers.

www.silentpush.com

1