Sandworm Leverages SSH-over-Tor for Covert Network Access
Severity: High (Score: 72.6)
Sources: Cybersecuritynews, Gbhackers
Summary
Sandworm (APT-C-13), a state-sponsored cyber threat group, has advanced its tactics by employing SSH-over-Tor tunneling to maintain long-term, covert access to targeted networks. This new technique represents a significant upgrade from previous methods, allowing for anonymous and encrypted communications. The group has historically targeted government entities, energy sectors, and research institutions since its inception in 2014. The attack typically begins with spear-phishing campaigns to gain initial access.

The full scope of the impact is still being assessed, but the shift in tactics indicates a more sophisticated approach to cyber espionage. Current reports suggest that this campaign is ongoing, with potential implications for national security and critical infrastructure. Specific tools and CVEs have not been disclosed in the articles, but the use of Tor suggests a focus on evasion and stealth.

Key Points:
- Sandworm has adopted SSH-over-Tor tunneling for covert network access.
- The group targets government, energy, and research sectors.
- The attack begins with spear-phishing to gain initial access.
Key Entities
- APT-C-13 (apt_group)
- FrozenBarents (apt_group)
- Sandworm (apt_group)
- Malware (attack_type)
- Phishing (attack_type)
- Energy (industry)
- Government (industry)
- T1071 - Application Layer Protocol (mitre_attack)
- T1566 - Phishing (mitre_attack)
- SSH (tool)
- Tor (platform)