Tunnel - SparTech Software

A tunnel in networking is a technique for securely and efficiently transferring data from one network to another by encapsulating packets—essentially wrapping one network protocol inside another. This allows data to traverse networks that might not natively support the original protocol or to bypass certain network restrictions.

How Tunneling Works

• Encapsulation: The original data packet (including its header and payload) is placed inside another packet. The outer packet uses the protocol supported by the network it must cross, while the inner packet contains the original data and protocol information.
• Transmission: The encapsulated packet travels across the network (often a public network like the Internet).
• Decapsulation: At the tunnel endpoint, the outer packet is removed, and the original packet is delivered to its intended destination.

Common Uses of Tunneling

• Virtual Private Networks (VPNs): Tunnels are widely used to create secure, private connections over public networks, allowing remote users to access resources as if they were on the same local network.
• Protocol Support: Tunneling enables the use of protocols not natively supported by the underlying network (e.g., running IPv6 over IPv4 networks).
• Firewall Bypass: Tunnels can encapsulate traffic within allowed protocols (such as HTTP or HTTPS) to bypass firewall restrictions.
• Remote Access: Users can connect securely to corporate resources from remote locations using tunneling techniques.

New malware campaign, Serpentine#Cloud, leverages Cloudflare Tunnels for stealthy attacks.
Serpentine#Cloud is a recently identified malware campaign where threat actors leverage Cloudflare Tunnels to conduct stealthy attacks, bypassing traditional security measures and maintaining persistent, covert access to compromised networks.
FBI and Canada’s Cyber Centre issue warning regarding Chinese cyberattacks targeting Canadian telecommunications.
The Canadian Centre for Cyber Security (Cyber Centre), in partnership with the United States Federal Bureau of Investigation (FBI), has issued a joint warning regarding ongoing cyberattacks targeting Canadian telecommunications companies. These attacks have been attributed to state-sponsored threat actors from the People’s Republic of China (PRC), specifically a group tracked as “Salt Typhoon” in industry reporting.
Chinese-linked Houken targets France in Ivanti zero-day exploit campaign.
A Chinese-linked hacking group, dubbed “Houken,” has been identified as the orchestrator of a sophisticated cyberattack campaign targeting French organizations by exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices. The campaign was first detected by France’s national cybersecurity agency, ANSSI, in September 2024, though evidence suggests it may have started as early as 2023.
Glossary: Pivot
Pivoting refers to the technique where an attacker, after compromising one system within a network, uses that system as a foothold to move laterally and access other systems that would otherwise be inaccessible. This is a fundamental tactic in advanced persistent threat (APT) attacks and penetration testing, allowing the attacker to expand their reach within the target environment.
Interlock ransomware group has developed a new PHP-based remote access trojan (RAT) designed to evade detection.
Security researchers from The DFIR Report, in collaboration with Proofpoint, have identified a significant new campaign by the Interlock ransomware group. The threat actors are leveraging a newly developed remote access trojan (RAT) to target organizations across multiple sectors, marking a notable evolution in their tactics and tooling.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Related