A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks

silversurfer

Since January 2020, a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser.

The group has been so prodigious and persistent in their attacks, that by May 2020, they ran a quarter of all Tor exit relays — the servers through which user traffic leaves the Tor network and accesses the public internet.

According to a report published on Sunday by an independent security researcher and Tor server operator known as Nusenu, the group managed 380 malicious Tor exit relays at its peak, before the Tor team made the first of three interventions to cull this network.

"The full extend[sic] of their operations is unknown, but one motivation appears to be plain and simple: profit," Nusenu wrote over the weekend.

The researcher says the group is performing "person-in-the-middle attacks on Tor users by manipulating traffic as it flows through their exit relays," and that they are specifically targeting users accessing cryptocurrency-related websites using the Tor software or Tor Browser.

The goal of the person-in-the-middle attack is to execute "SSL stripping" attacks by downgrading the user's web traffic from HTTPS URLs to less secure HTTP alternatives.
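
A defender-side check for the downgrade described above, as an added example that is not part of the original post or the quoted report: it compares a copy of a response fetched over a trusted path with the copy seen through an exit relay and lists the URLs whose scheme changed from HTTPS to HTTP. The function names, hostnames and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Absolute http(s) URLs in header lines or HTML attributes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def schemes_by_target(text):
    """Map (host, path, query) -> set of schemes used for that target."""
    seen = {}
    for raw in URL_RE.findall(text):
        u = urlsplit(raw)
        target = (u.netloc.lower(), u.path or "/", u.query)
        seen.setdefault(target, set()).add(u.scheme.lower())
    return seen

def find_downgrades(reference, observed):
    """Return URLs that are HTTPS-only in `reference` but HTTP-only in `observed`."""
    ref = schemes_by_target(reference)
    obs = schemes_by_target(observed)
    hits = []
    for target, schemes in obs.items():
        # Flag only real rewrites: links that were already plain HTTP in the
        # trusted copy are not evidence of tampering.
        if schemes == {"http"} and ref.get(target) == {"https"}:
            host, path, query = target
            hits.append("http://" + host + path + ("?" + query if query else ""))
    return sorted(hits)

# Constructed sample: a redirect header line and two links from the same page,
# once as served over a trusted path and once as seen through an exit relay.
REFERENCE = (
    "Location: https://wallet.example/login\n"
    '<a href="https://wallet.example/send?coin=btc">Send</a>\n'
    '<a href="http://blog.example/news">News</a>\n'
)
OBSERVED = (
    "Location: http://wallet.example/login\n"
    '<a href="http://wallet.example/send?coin=btc">Send</a>\n'
    '<a href="http://blog.example/news">News</a>\n'
)

if __name__ == "__main__":
    for url in find_downgrades(REFERENCE, OBSERVED):
        print("downgraded:", url)
```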
 

HarborFront

The Tor Project does not seem to be doing anything effectively, due to a resource shortage, according to the below

 
