A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks


Since January 2020, a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser.

The group has been so prodigious and persistent in their attacks, that by May 2020, they ran a quarter of all Tor exit relays — the servers through which user traffic leaves the Tor network and accesses the public internet.

According to a report published on Sunday by an independent security researcher and Tor server operator known as Nusenu, the group managed 380 malicious Tor exit relays at its peak, before the Tor team made the first of three interventions to cull this network.

Read more…
Source: ZDNet