OVERKILL
$100 Site Donor 2021
https://therecord.media/chinese-hacking-group-apt31-uses-mesh-of-home-routers-to-disguise-attacks
This is an older (2021) article, but it quotes Ben Koehl, who works at Microsoft's Threat Intelligence Center, indicating that using these bots as proxies makes the attack appear to be coming from domestic IP's to circumvent geoblocking.
I got into this in the couple of other threads and this utilization is in-line with the TP-Link Camaro Dragon thread where Chinese operatives are hijacking Chinese-origin products (TP-Link products) in order to wage cyber attacks.
There is plenty of utility here, a few that immediately come to mind are:
1. You hide the malicious traffic behind an endpoint that's compromised and isn't having its traffic monitored because it's a consumer device and connection
2. You circumvent geoblocking by having the traffic originate inside domestic borders
3. You can use a host of different devices to vary the location of the attack and even proxy through multiple devices if you really wanted to obfuscate the origin
Most home network gear is akin to a house owned by Ray Charles with noise cancelling headphones on. He's got no idea what's going on, who is coming in and out, hell, he could have a terrorist cell operating out of one of his bedrooms and he'd have no idea. With the Chinese-sourced devices like TP-Link, the idea that the terrorists might already have keys for 'ol Ray's house isn't far fetched.
This is an older (2021) article, but it quotes Ben Koehl, who works at Microsoft's Threat Intelligence Center, indicating that using these bots as proxies makes the attack appear to be coming from domestic IP's to circumvent geoblocking.
I got into this in the couple of other threads and this utilization is in-line with the TP-Link Camaro Dragon thread where Chinese operatives are hijacking Chinese-origin products (TP-Link products) in order to wage cyber attacks.
There is plenty of utility here, a few that immediately come to mind are:
1. You hide the malicious traffic behind an endpoint that's compromised and isn't having its traffic monitored because it's a consumer device and connection
2. You circumvent geoblocking by having the traffic originate inside domestic borders
3. You can use a host of different devices to vary the location of the attack and even proxy through multiple devices if you really wanted to obfuscate the origin
Most home network gear is akin to a house owned by Ray Charles with noise cancelling headphones on. He's got no idea what's going on, who is coming in and out, hell, he could have a terrorist cell operating out of one of his bedrooms and he'd have no idea. With the Chinese-sourced devices like TP-Link, the idea that the terrorists might already have keys for 'ol Ray's house isn't far fetched.
