Monday November 25, 2024

August 07, 2023 BleepingComputer published Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.

The technique isn't entirely new, as Phylum reported in January 2023 that threat actors created malicious PyPI packages that used Cloudflare Tunnels to stealthy steal data or remotely access devices.

However, it appears that more threat actors have started to use this tactic, as GuidePoint's DFIR and GRIT teams reported last week, seeing an uptick in activity. Read More..