Hackers Deliver SSH Tor Backdoor

Recent cybersecurity investigations have uncovered a sophisticated attack involving hackers deploying a backdoor that leverages SSH and Tor technologies. This backdoor enables threat actors to maintain stealthy, encrypted access to compromised systems, complicating detection and mitigation efforts. The use of Tor anonymizes the command and control communication, making attribution and takedown challenging for defenders. The attack highlights the evolving tactics of cybercriminals who combine traditional secure shell access with anonymity networks to evade security controls. Organizations are urged to enhance monitoring of SSH connections and implement strict access controls to detect unusual activity. Additionally, integrating threat intelligence on Tor-based backdoors can improve incident response and prevention strategies. This development underscores the importance of layered security defenses and continuous vigilance against advanced persistent threats exploiting encrypted and anonymized channels.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Nov 2025 12:55:18 +0000


Cyber News related to Hackers Deliver SSH Tor Backdoor

Tor vs. VPN: What They Do and Which is Better - The Tor browser is a tool that anyone can download for Linux, Mac, Windows and mobile devices. The Tor browser is primarily used to protect your identity online. Tor also protects your online privacy by preventing websites and services from tracking ...
1 year ago Pandasecurity.com
New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
1 year ago Cybersecuritynews.com
Tor Project removes relays because of for-profit, risky activity - The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users. Tor network relays are routing points that help anonymize the original traffic source ...
1 year ago Bleepingcomputer.com
Tor University Challenge: First Semester Report Card - In August of 2023 EFF announced the Tor University Challenge, a campaign to get more universities around the world to operate Tor relays. The primary goal of this campaign is to strengthen the Tor network by creating more high bandwidth and reliable ...
1 year ago Eff.org
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Tor's new WebTunnel bridges mimic HTTPS traffic to evade censorship - The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. Tor bridges are relays not listed in the public Tor directory that keep ...
1 year ago Bleepingcomputer.com
CVE-2024-52308 - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to ...
11 months ago Tenable.com
In a first, cryptographic keys protecting SSH connections stolen in new attack - For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the ...
1 year ago Arstechnica.com
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware - Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation: Cybersecurity ...
1 year ago Gbhackers.com
The Tor Network Has Been Experiencing Distributed Denial of Service Attacks for Seven Months - For the past seven months, the Tor anonymity network has been the target of multiple distributed denial-of-service (DDoS) attacks, its maintainers reported this week. These attacks have been so severe that users have been unable to access pages or ...
2 years ago Securityweek.com
The Tor Network is Being Attacked Continuously by DDoS - The Tor Project recently revealed that its network has been under attack from Distributed Denial-of-Service (DDoS) attacks for the past seven months. This has caused issues with network connectivity and performance, making it difficult for users to ...
2 years ago Hackread.com
Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector - In its latest campaign, the Iranian state-backed hacking group Peach Sandstorm employs the FalseFont backdoor for intelligence gathering on behalf of the Iranian government. Cybersecurity researchers at Microsoft Threat Intelligence Unit have uncovered the ...
1 year ago Hackread.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com APT3 APT33
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
1 year ago Infosecurity-magazine.com
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets - A group of pro-Hamas attackers known as the Gaza Cybergang is using a new variation of the Pierogi++ backdoor malware to launch attacks on Palestinian and Israeli targets. According to research from Sentinel Labs, the backdoor is based on the C++ ...
1 year ago Darkreading.com
Outlaw Cybergang Attacking Linux Environments Worldwide With New Malware - A previously documented threat actor known as Outlaw (or “Dota”) has resurfaced with an enhanced malware toolkit targeting Linux servers globally, according to a recent incident response investigation by Securelist analysts. The malware’s ...
6 months ago Cybersecuritynews.com
Tor Browser 13.5.6 Released - What's New! - For Windows, macOS, and Linux users, Firefox has been updated to 115.16.0esr, with additional fixes like removing the hash check on updates (bug tor-browser#42737) and implementing the YEC 2024 Takeover for Desktop Stable (bug tor-browser#43098). The ...
1 year ago Cybersecuritynews.com
New Tor Oniux tool anonymizes any Linux app's network traffic - Unlike classic methods like torsocks, which rely on user-space tricks, Oniux uses Linux namespaces to create a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured. "We are ...
5 months ago Bleepingcomputer.com
Hackers use new IceBreaker malware to breach gaming companies - Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. The compromise method relies on tricking customer service agents into opening malicious ...
2 years ago Bleepingcomputer.com
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
1 year ago Bleepingcomputer.com APT3 APT33
CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
11 months ago
CVE-2023-28436 - Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a ...
2 years ago
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Tor Browser 13.5.6 Released - What's New! - GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents. Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, ...
1 year ago Gbhackers.com
