Security News > 2024 > May > State hackers turn to massive ORB proxy networks to evade detection
Security researchers are warning that China-linked state-backed hackers are increasingly relying on a vast proxy server network created from virtual private servers and compromised online devices for cyberespionage operations.
Called operational relay box networks, these proxy meshes are administered by independent cybercriminals that provide access to multiple state-sponsored actors.
The use of ORBs has been observed in the past, the most prominent recent example being the Volt Typhoon attacks on US critical infrastructure organizations using SOHO network equipment.
This appears to be a feature of ORB network contractors in China, who can "Cycle significant percentages of their compromised or leased infrastructure on a monthly basis."
Defenders can miss malicious traffic from these networks because ORB administrators use Autonomous System Number providers in various parts of the world.
Chinese hackers hide on military and govt networks for 6 years.