China-Linked APT Expands Proxy Network With New Malware
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
Proxy servers can mask network origins, filter traffic, and create security risks when attackers abuse them for evasion or unauthorized access.
Search across headline titles and summaries.
Background for this topic.
A proxy is an intermediary that sends requests to a destination and returns responses, so the client and destination do not communicate directly. A forward proxy represents users or systems making outbound connections; a reverse proxy represents an application or service to inbound clients and may route traffic, terminate TLS, or enforce authentication. This tag generally concerns these network components, not browser-based privacy tools alone.
Security depends heavily on configuration and trust boundaries. A forward proxy can enforce egress policy and provide useful logs, but an exposed or misconfigured one may permit unauthorized relaying, while proxy logs can reveal sensitive browsing or business activity. TLS inspection requires controlled certificate deployment and careful handling of decrypted traffic. Reverse proxies reduce direct exposure of back-end services, but access controls must not rely solely on them, and forwarded client-IP headers must be trusted only from known proxies. During investigations, proxy logs help reconstruct connections, but shared addresses and address translation can complicate attribution.
Weekly headline count for the current query.
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users
Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations
A new DeadLock ransomware operation uses Polygon blockchain smart contracts to manage proxy server addresses
The browser extension Urban VPN Proxy has been reportedly collecting users’ AI chat conversations
The criminal proxy network infected thousands of IoT and end-of-life devices, creating dangerous botnet
The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services
Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts
Volt Typhoon and other Chinese cyber espionage actors are relying on operational relay box (ORB) networks, Mandiant has observed
The routers were hijacked to steal credentials, proxy traffic, and host phishing pages and custom tools