Tip
- There are a number of network tunneling tools available online for managing and interacting with systems across different environments.
- They allow users to securely connect to remote servers or services through encrypted channels that can bypass network restrictions and firewalls.
- These tools may also expose local development servers to the internet for testing and sharing.
- They are widely used for tasks like remote administration and development workflows, offering flexibility in network management.
Important
- Cybercriminals can utilize network tunneling tools to create encrypted tunnels, evade detection, and access restricted networks.
- These tools essentially facilitate command and control for an adversary, helping them to maintain a foothold and orchestrate further malicious activities.
| Tool Name | Threat Group Usage |
|---|---|
| Chisel | Sandworm |
| Cloudflared | Gamaredon |
| dnscat2 | EMBER BEAR |
| Dropbear | COZY BEAR |
| FortiClient | BERSERK BEAR |
| GOST | EMBER BEAR |
| Iodine | EMBER BEAR |
| Ngrok | Gamaredon |
| OpenSSH | FANCY BEAR |
| Pivotnacci | Sandworm |
| ProxyChains | EMBER BEAR |
| ReGeorg | COZY BEAR, FANCY BEAR, EMBER BEAR, Sandworm |
| Rsockstun | COZY BEAR |
| SSHDoor | FANCY BEAR |