Threats Tagged 'relay network'

View all threats tagged with 'relay network'. Filter and sort to focus on specific types of threats.


Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

An Iranian threat actor's operational infrastructure was exposed through an open directory, revealing a 15-node relay network spanning Finland and Iran, an SSH-based botnet framework, and an active command-and-control server. The exposed bash history documented the full operation, including tunnel deployment, DDoS tooling development, and botnet creation. The actor compiled tooling on the host to evade detection and used a Python script for mass SSH deployment. The botnet client, compiled and renamed 'hex' on infected hosts, reconnected to its controller automatically. The operation appears to be financially or personally motivated rather than state-directed, with infrastructure dual-purposed for censorship bypass and attack operations.

Ink Dragon's Relay Network and Stealthy Offensive Operation

Ink Dragon, a Chinese threat actor, is conducting a sophisticated espionage campaign targeting government entities in Europe, Southeast Asia, and South America. The group exploits IIS misconfigurations to gain initial access and deploys a custom ShadowPad IIS Listener module to build a victim-based relay network, turning compromised servers into nodes of a distributed mesh. It uses a new variant of the FinalDraft malware and platform-native tools to remain stealthy and blend into normal enterprise telemetry. Its operations are characterized by disciplined playbooks and advanced software engineering, enabling persistent and covert intrusions. The campaign is rated medium severity because of its targeted nature and stealth capabilities, with no known public exploits yet. European organizations, especially government bodies running IIS servers with potential misconfigurations, are at risk. The relay network complicates detection and response, increasing the potential impact on confidentiality and operational integrity. Mitigation requires focused IIS hardening, network segmentation, and advanced telemetry analysis to detect anomalous relay behaviors.
