Proxy/protocol relays

Proxies act as an intermediary for clients seeking resources from other systems. Using a proxy may make it more difficult to track back the origin of a network communication. [1]

ID: T1304

Tactic: Adversary Opsec

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defenders with standard capabilities will traditionally be able to see the first hop but not all the subsequent earlier hops an adversary takes to be able to conduct reconnaissance.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Proxies are readily available for the adversary with both free and cost-based options available.

References

  1. Mandiant. (n.d.). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved March 5, 2017.