Recherche : [tunnel] - Cyberveille

Using Trusted Protocols Against You: Gmail as a C2 Mechanism... https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism

02/05/2025 11:40:53

Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail. The threat actor’s email is the only potential clue as to their motivation, but once the tunnel is created, the threat actor can exfiltrate data or execute commands that we may not know about through these packages. These seven packages:

Coffin-Codes-Pro
Coffin-Codes-NET2
Coffin-Codes-NET
Coffin-Codes-2022
Coffin2022
Coffin-Grave
cfc-bsb
use Gmail, making these attempts less likely to be flagged by firewalls and endpoint detection systems since SMTP is commonly treated as legitimate traffic.

These packages have since been removed from the Python Package Index (PyPI).

CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory https://www.leviathansecurity.com/blog/tunnelvision

07/05/2024 10:52:26

We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.

Liens par page

Filtres