Tip
- There are a number of network tunneling tools available online for managing and interacting with systems across different environments.
- They allow users to securely connect to remote servers or services through encrypted channels that can bypass network restrictions and firewalls.
- These tools may also expose local development servers to the internet for testing and sharing.
- They are widely used for tasks like remote administration and development workflows, offering flexibility in network management.

Important
- Cybercriminals can utilize network tunneling tools to create encrypted tunnels, evade detection, and access restricted networks.
- These tools essentially facilitate command and control for an adversary, helping them to maintain a foothold and orchestrate further malicious activities.

Tool Name | Threat Group Usage |
---|---|
Chisel | Sandworm |
Cloudflared | Gamaredon |
dnscat2 | EMBER BEAR |
Dropbear | COZY BEAR |
FortiClient | BERSERK BEAR |
GOST | EMBER BEAR |
Iodine | EMBER BEAR |
Ngrok | Gamaredon |
OpenSSH | FANCY BEAR |
Pivotnacci | Sandworm |
ProxyChains | EMBER BEAR |
ReGeorg | COZY BEAR, FANCY BEAR, EMBER BEAR, Sandworm |
Rsockstun | COZY BEAR |
SSHDoor | FANCY BEAR |