* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, July 29, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

    Micro wrestling coming to NE Ohio – Cleveland.com

    Get Ready, NE Ohio: Micro Wrestling Is Making Its Exciting Debut!

    League City seeking proposals for 53-acre entertainment district on sportsplex land – galvnews.com

    League City Invites Proposals to Transform 53-Acre Sportsplex into Vibrant Entertainment District

    Top 5 entertainment news: Sandeep Reddy Vanga regrets trimming Animal’s runtime by 7-8 minutes, Akshay Ku – Times of India

    Top 5 Entertainment Highlights: Sandeep Reddy Vanga Reveals Why He Trimmed Animal’s Runtime by 7-8 Minutes, Plus Akshay Ku Updates

    Cote de Pablo reveals how Michael Weatherly used his soap opera roots to put her at ease in “NCIS” love scene – yahoo.com

    Cote de Pablo Reveals How Michael Weatherly’s Soap Opera Background Made Their “NCIS” Love Scene Easier

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Eagle Unveils Revolutionary X-Ray Technology at Pack Expo

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

    Micro wrestling coming to NE Ohio – Cleveland.com

    Get Ready, NE Ohio: Micro Wrestling Is Making Its Exciting Debut!

    League City seeking proposals for 53-acre entertainment district on sportsplex land – galvnews.com

    League City Invites Proposals to Transform 53-Acre Sportsplex into Vibrant Entertainment District

    Top 5 entertainment news: Sandeep Reddy Vanga regrets trimming Animal’s runtime by 7-8 minutes, Akshay Ku – Times of India

    Top 5 Entertainment Highlights: Sandeep Reddy Vanga Reveals Why He Trimmed Animal’s Runtime by 7-8 Minutes, Plus Akshay Ku Updates

    Cote de Pablo reveals how Michael Weatherly used his soap opera roots to put her at ease in “NCIS” love scene – yahoo.com

    Cote de Pablo Reveals How Michael Weatherly’s Soap Opera Background Made Their “NCIS” Love Scene Easier

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Eagle Unveils Revolutionary X-Ray Technology at Pack Expo

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

ORBs: Hacking groups’ new favourite way of keeping their attacks hidden

May 22, 2024
in Technology
ORBs: Hacking groups’ new favourite way of keeping their attacks hidden
Share on FacebookShare on Twitter

Beware the ORB: why attacks on your network could come from a home router down the street


Steve  Ranger

By

Steve Ranger

Published: 22 May 2024 15:00

Cyber-espionage groups are making it harder to spot where their attacks are coming from by upping their usage of proxy networks – known as operational relay box networks or ORBs – that can throw defenders off the scent.

Cyber security company Mandiant has warned that it has seen a growing trend for China-backed espionage operations, in particular, to use ORBs to cover their tracks.

These ORB networks are somewhat like botnets and can be made up of virtual private servers (VPS), as well as compromised internet of things (IoT) devices and insecure routers. This combination makes it harder for defenders to track attacks because these groups can disguise traffic between their command-and-control infrastructure and their final targets.

ORB networks are one of the major innovations in Chinese cyber espionage that are challenging defenders, said Michael Raggi, Mandiant principal analyst at Google Cloud.

“They’re like a maze that is continually reconfiguring with the entrance and the exit disappearing from the maze every 60 to 90 days,” he said. “To target someone, these actors may be coming from a home router right down the street. It’s not unusual for an entirely unwitting person’s home router to be involved in an act of espionage.” 

These networks are often built by renting VPS and using malware designed to target routers to grow the number of devices capable of relaying traffic. Because the makeup of these networks changes rapidly, using an ORB network makes it harder to spot attacks and pin them on a particular group in terms of attribution.

That makes classic indicators of compromise (IOC) – the tech details and clues commonly shared about attacks – less useful because these groups will regularly cycle through network infrastructure.

The scale of these networks, Mandiant said, means attackers can piggyback on devices that have a handy geographic proximity to targeted enterprises. That allows their malicious traffic to blend in when being reviewed by analysts.

“One such example would be traffic from a residential ISP that is in the same geographic location as the target that is regularly used by employees and would be less likely to get picked up for manual review,” said Mandiant’s report.

As a result, the security company said, enterprise security teams should shift their thinking. That means that rather than treating ORB networks as just part of the infrastructure used by attackers, they should track ORBs “like evolving entities akin to APT [advanced persistent threat] groups”.

ORB networks are not a new invention and have regularly been used as part of espionage campaigns to obscure who the attacker is and where they are. But Mandiant said the use of these networks by China-backed espionage actors has become more common over recent years.

These ORBs are infrastructure networks run by contractors or others within China. They are not controlled by a single APT espionage or hacking group, but are shared between them, which Mandiant said means multiple APT actors will use the ORB networks to carry out their own distinct espionage and reconnaissance.

This infrastructure often shifts – the lifespan of an IPv4 address associated with an ORB node can be as short as 31 days. Mandiant said a competitive differentiator among ORB network contractors in China appears to be their ability to cycle significant percentages of their compromised or leased infrastructure on a monthly basis.

That means just blocking the infrastructure linked to an ORB network at a particular time is not going to be as effective as was previously the case. “As a result, IOC extinction is accelerating and the shelf life of network indicators is decreasing,” Mandiant said.

“Infrastructure or the compromised router device communicating with a victim environment may now be identifiable to a particular ORB network, while the actor using that ORB network to carry out the attack may be unclear and require investigation of the complex tools and tactics observed as part of an intrusion,” the report said.

John Hultquist, Mandiant chief analyst, Google Cloud, added: “Chinese cyber espionage was once noisy and easily trackable. This is a new type of adversary.”

The nodes in an ORB network are usually distributed globally. Mandiant gives the example of one it tracks as ORB3 or Spacehop, which it described as a very active network used by multiple China-backed groups.

It uses a relay server hosted in either Hong Kong or China by cloud providers, while the relay nodes are often cloned Linux-based images, which are used to proxy malicious network traffic through the network to an exit node that communicates with targeted victim environments.

Mandiant said it was notable that this network has a “robust volume” of nodes in Europe, the Middle East, and the US – all of which are regions targeted by China-backed APT15 and ATP5.

In contrast, another network that Mandiant tracks (known as ORB2 or Florahox) also features compromised network routers and IOT devices. The network appears to contain several subnetworks composed of compromised devices recruited by the router implant known as Flowerwater.

Mandiant said that all of this creates a problem for defenders, because rather than simply blocking infrastructure associated with attackers they now have to consider what infrastructure is part of the ORB network right now, for how long, and who is using the ORB network.

Mandiant added that the best way to deal with the challenge posed by ORB networks is to stop tracking espionage command and control infrastructure as an inert indicator of compromise and start tracking it as an entity in itself.

“Instead, infrastructure is a living artifact of an ORB network that is a distinct and evolving entity where the characteristics of IP infrastructure itself, including ports, services, and registration/hosting data, can be tracked as evolving behaviour by the adversary administrator responsible for that ORB network,” Mandiant said.

It warned that the rise of the ORB industry in China points to long-term investments in equipping China-backed cyber operations with more sophisticated tactics and tools.

“Whether defenders will rise to this challenge depends on enterprises applying the same deep tactical focus to tracking ORB networks as has been done for APTs over the past 15 years,” Mandiant said.

Read more on Hackers and cybercrime prevention


Fancy Bear sniffs out Ubiquiti router users

AlexScroxton

By: Alex Scroxton


Critical infrastructure hacks raise alarms on Chinese threats

AlexanderCulafi

By: Alexander Culafi


US government disrupts Chinese botnet containing hundreds of end-of-life Cisco and Netgear routers

CarolineDonnelly

By: Caroline Donnelly


Chinese threat group exploited VMware vulnerability in 2021

ArielleWaldman

By: Arielle Waldman

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366585945/ORBs-Hacking-groups-new-favourite-way-of-keeping-their-attacks-hidden

Tags: Group’sHackingtechnology
Previous Post

AI Seoul Summit: 27 nations and EU to set red lines on AI risk

Next Post

Dutch employers should discuss using algorithms in managing staff

Oxygen & nutrients in Puget Sound – Department of Ecology – State of Washington (.gov)

Vital Oxygen and Nutrient Levels in Puget Sound: What You Need to Know

July 29, 2025
What U.S. science stands to lose without international graduate students and postdoctoral researchers – The Transmitter

What U.S. science stands to lose without international graduate students and postdoctoral researchers – The Transmitter

July 29, 2025
Pacific Science Center announces short-term closure to dismantle exhibit – The Seattle Times

Pacific Science Center Temporarily Closes to Dismantle Popular Exhibit

July 29, 2025
You can slow cognitive decline as you age, large study finds. Here’s how – CNN

You can slow cognitive decline as you age, large study finds. Here’s how – CNN

July 29, 2025
Artlogic and ArtCloud Merge in Bid to Shape Art World’s Digital Backbone – ARTnews.com

Artlogic and ArtCloud Join Forces to Transform the Digital Future of the Art World

July 29, 2025
Culture-Native Wallets Are Next: Inside Luffa’s Fan-Economy Operating System – The Defiant

Culture-Native Wallets Are Next: Inside Luffa’s Fan-Economy Operating System – The Defiant

July 29, 2025
The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

$1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

July 29, 2025
Public Health spraying for mosquitoes in Dayton, Vandalia – Spectrum News

Public Health spraying for mosquitoes in Dayton, Vandalia – Spectrum News

July 29, 2025
July 28, 2025: Donald Trump presidency news – CNN

July 28, 2025: Donald Trump presidency news – CNN

July 29, 2025
More than just a hockey player – Rochester Institute of Technology Athletics

Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

July 29, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (745)
  • Economy (769)
  • Entertainment (21,649)
  • General (16,177)
  • Health (9,806)
  • Lifestyle (777)
  • News (22,149)
  • People (771)
  • Politics (778)
  • Science (15,982)
  • Sports (21,266)
  • Technology (15,749)
  • World (752)

Recent News

Oxygen & nutrients in Puget Sound – Department of Ecology – State of Washington (.gov)

Vital Oxygen and Nutrient Levels in Puget Sound: What You Need to Know

July 29, 2025
What U.S. science stands to lose without international graduate students and postdoctoral researchers – The Transmitter

What U.S. science stands to lose without international graduate students and postdoctoral researchers – The Transmitter

July 29, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version