APT29 USED DOMAIN FRONTING, TOR TO EXECUTE BACKDOOR

APT29, a/k/a Cozy Bear, has been utilizing a technique called domain fronting in order to secure backdoor access to targets for nearly two years running, experts said Monday.

The nation state attackers have reportedly been pairing the anonymity software Tor with a Tor plugin that specializes in domain fronting in order to make it seem as if their traffic was going to a legitimate website, such as Google. Matthew Dunwoody, principal consultant at Mandiant, described the technique in a FireEye blog post on Monday.
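The defensive counterpart to the technique described above is to look for the mismatch that domain fronting creates: the TLS SNI names a legitimate front (the article's example is Google) while the HTTP Host header inside the tunnel names a different backend. The Python below is an added example written for this article, not code from FireEye or the referenced blog post; the log format, field names, host names and the allowlist of known-benign SNI/Host pairs are all constructed for illustration.

```python
# Added example (not from the original article): flag TLS sessions whose
# SNI and inner HTTP Host header disagree, the signature that domain fronting
# leaves in proxy logs. Log layout and host names below are constructed.

from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed sample log: timestamp, client IP, TLS SNI, HTTP Host header.
# Assumes a TLS-inspecting proxy that records both fields per request.
SAMPLE_LOG = """\
2017-03-27T10:00:01Z 10.0.0.5 www.google.com www.google.com
2017-03-27T10:00:02Z 10.0.0.5 www.google.com www.google.com:443
2017-03-27T10:00:03Z 10.0.0.5 www.google.com reflector.bad.example
2017-03-27T10:00:04Z 10.0.0.9 edge.cdn.example assets.tenant.example
2017-03-27T10:00:05Z 10.0.0.9 ajax.googleapis.com c2-front.bad.example
"""

# Constructed allowlist: CDN setups where SNI and Host legitimately differ.
KNOWN_BENIGN: FrozenSet[Tuple[str, str]] = frozenset({
    ("edge.cdn.example", "assets.tenant.example"),
})


@dataclass(frozen=True)
class TlsRecord:
    ts: str
    client: str
    sni: str   # server name from the TLS ClientHello
    host: str  # Host header from the decrypted HTTP request


def normalize(name: str) -> str:
    """Lower-case a host name and drop any :port suffix and trailing dot."""
    name = name.strip().lower()
    if ":" in name and not name.startswith("["):  # leave IPv6 literals alone
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")


def parse_line(line: str) -> TlsRecord:
    """Parse one whitespace-separated log line into a TlsRecord."""
    ts, client, sni, host = line.split()
    return TlsRecord(ts, client, normalize(sni), normalize(host))


def is_fronting_candidate(rec: TlsRecord,
                          allowlist: FrozenSet[Tuple[str, str]] = frozenset()) -> bool:
    """True when SNI and Host disagree and the pair is not a known-benign CDN case."""
    if rec.sni == rec.host:
        return False
    return (rec.sni, rec.host) not in allowlist


def find_fronting_candidates(log_text: str,
                             allowlist: FrozenSet[Tuple[str, str]] = frozenset()) -> List[TlsRecord]:
    """Return every record in the log that looks like a fronted session."""
    hits: List[TlsRecord] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_fronting_candidate(rec, allowlist):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_fronting_candidates(SAMPLE_LOG, KNOWN_BENIGN):
        print(f"{r.ts} {r.client}: SNI {r.sni} but Host {r.host}")
```

Two practical notes: the Host header is only visible if the proxy terminates TLS, so without inspection this check degrades to "long-lived sessions to a CDN front with unusual byte volumes", and the allowlist exists because some CDN tenants legitimately present one SNI for many Host values, so a raw mismatch alert needs tuning before it is useful.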