APT29, also known as Cozy Bear, has been using a technique called domain fronting to secure backdoor access to targets for nearly two years running, experts said Monday.
The nation-state attackers have reportedly been pairing the anonymity software Tor with a Tor plugin that specializes in domain fronting, so that their traffic appears to be going to a legitimate website, such as Google. Matthew Dunwoody, principal consultant at Mandiant, described the technique in a FireEye blog post on Monday.
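For defenders, fronted traffic is recognisable where TLS is inspected: the TLS SNI names the legitimate front domain while the encrypted HTTP Host header names the real destination. The sketch below is an added example, not code from the FireEye post; it assumes a TLS-inspecting proxy that logs both values, and the log format and field names (`src`, `sni`, `host`) are hypothetical.

```python
import json

# Constructed sample records from a hypothetical TLS-inspecting proxy.
# Field names (src, sni, host) are assumptions, not a real product's schema.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "www.example.com", "host": "www.example.com"}
{"src": "10.0.0.7", "sni": "www.example.com", "host": "hidden-service.example.net"}
{"src": "10.0.0.8", "sni": "cdn.example.org", "host": "CDN.example.org:443"}
{"src": "10.0.0.9", "sni": "example.com", "host": "static.example.com."}
{"src": "10.0.0.7", "sni": "", "host": "hidden-service.example.net"}
"""

def normalize(name):
    """Lowercase, drop a :port suffix and a trailing dot."""
    name = name.strip().lower()
    if name.count(":") == 1:          # host:port (IPv6 literals are left alone)
        name = name.split(":")[0]
    return name.rstrip(".")

def related(a, b):
    """True when one name equals or is a subdomain of the other.
    A simplification: real deployments would compare registrable domains
    using the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def find_fronting_candidates(log_text):
    """Return (src, sni, host) for records whose SNI and Host disagree."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        sni, host = normalize(rec.get("sni", "")), normalize(rec.get("host", ""))
        if not sni or not host:       # no SNI or no Host: nothing to compare
            continue
        if not related(sni, host):
            hits.append((rec["src"], sni, host))
    return hits

if __name__ == "__main__":
    for src, sni, host in find_fronting_candidates(SAMPLE_LOG):
        print(f"{src}: TLS SNI {sni!r} but HTTP Host {host!r}")
```

A mismatch is a lead to investigate rather than proof, since shared CDN certificates can produce benign differences between the two names.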
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.