APT29 Domain Fronting With TOR
2017-03-27 20:00:00
Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques. Domain fronting provides outbound network connections that are indistinguishable from legitimate requests for popular websites.
APT29 has used The Onion Router (TOR) and the TOR domain fronting plugin meek to create a hidden, encrypted network tunnel that appeared to connect to Google services over TLS.
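
A defender-side check for the pattern described above, as an added example that is not from the original post: in domain fronting the hostname in the TLS SNI differs from the HTTP Host header carried inside the encrypted session, so a TLS-inspecting proxy that records both can surface the mismatch. The log format, field names and hostnames below are constructed assumptions.

```python
from collections import Counter

# Constructed sample lines from a hypothetical TLS-inspecting proxy (not real traffic).
SAMPLE_LOG = """\
ts=2017-03-01T10:00:01Z src=10.0.0.5 sni=www.front.example host=www.front.example method=GET
ts=2017-03-01T10:00:02Z src=10.0.0.9 sni=www.front.example host=hidden-app.cdn.example method=POST
ts=2017-03-01T10:00:03Z src=10.0.0.9 sni=WWW.Front.Example. host=hidden-app.cdn.example:443 method=POST
ts=2017-03-01T10:00:04Z src=10.0.0.7 sni=mail.front.example host=MAIL.front.example:443 method=GET
ts=2017-03-01T10:00:05Z src=10.0.0.8 sni=- host=www.front.example method=GET
"""


def normalize(name):
    """Lower-case a hostname and drop a trailing dot or :port suffix."""
    name = name.strip().lower()
    head, sep, tail = name.rpartition(":")
    if sep and tail.isdigit():
        name = head
    return name.rstrip(".")


def find_mismatches(log_text, allowed_pairs=frozenset()):
    """Count requests per (src, sni, host) where the inner Host differs from the SNI."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        sni = normalize(fields.get("sni", ""))
        host = normalize(fields.get("host", ""))
        if not sni or sni == "-" or not host:
            continue  # no SNI or no Host logged: nothing to compare
        if sni != host and (sni, host) not in allowed_pairs:
            hits[(fields.get("src", "?"), sni, host)] += 1
    return hits


if __name__ == "__main__":
    for (src, sni, host), n in find_mismatches(SAMPLE_LOG).most_common():
        print(f"{src}: SNI {sni} but Host {host} ({n} requests)")
```

Legitimate connection reuse on shared CDN front ends can also produce SNI/Host mismatches, so treat hits as leads and pass known-good pairs in `allowed_pairs`.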