General Critical 28 April 2026

Sandworm APT Uses SSH-over-Tor for Stealthy Long-Term Persistence

Why it matters: Indian critical infrastructure operators must update their threat intelligence and enhance network monitoring to detect sophisticated SSH-over-Tor tunneling used by advanced persistent threat groups for stealthy, long-term access.

The state-sponsored Sandworm APT group has upgraded its intrusion tactics, now employing SSH-over-Tor tunnels for long-term, hidden access within victim networks. This new tradecraft represents a shift from simpler malware callbacks to a more anonymous and encrypted persistence mechanism. Security teams must enhance their detection capabilities to identify this sophisticated tunneling technique.

Source: Cybersecurity News
