MITRE ATT&CK / T1090
T1090
Proxy
Description
Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including [HTRAN](https://attack.mitre.org/software/S0040), ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.Adversaries can also take advantage of routing schemes in Content Delivery Networks (CDNs) to proxy command and control traffic.
Platforms
Mitigations
- M1037 — Filter Network Traffic
- M1031 — Network Intrusion Prevention
- M1020 — SSL/TLS Inspection
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- Ghostwriter Deploys Prometheus Phishing Lures Against Ukraine Government Entities
- LummaC2 Infostealer Targets US Critical Infrastructure: CISA-FBI Advisory AA25-141B and DOJ Domain Seizures
- Twelve Critical vm2 Node.js Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
- Vercel's v0.dev AI Tool Weaponized for Phishing Campaigns Targeting Microsoft, Nike Users
- Adversary-in-the-Middle Phishing Campaign Hits GoDaddy ManageWP via Google Ads
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →