Last Updated on 10/12/2021 by Nidhi Khandelwal
Within the Tor network, KAX17 was found operating relay servers in several positions: entry (guard), middle, and exit nodes.
Researchers removed at least 900 servers used by the group between October and November, bringing the daily total to about 9,000-10,000.
By controlling these relays, the operators can learn which website a user is connected to. Furthermore, traffic can be altered if the user is on an insecure connection.
The majority of the Tor relay servers utilised by the KAX17 group were configured as entry and middle points and were situated in data centres throughout the world.
In August 2020, a security researcher (who goes by the moniker Nusenu) reported that a threat actor had gained control of 23 percent of the Tor network's exit nodes for the first time.
The same researcher later detected a repeat of the incident and labelled the servers involved KAX17.
The group has been adding servers with no contact information to the Tor network in large quantities on a regular basis.
The probability of connecting to a guard relay (entry node) operated by KAX17 was around 16 percent, and when transiting through one of the threat group's middle relays, the chance climbed to 35 percent. The group, on the other hand, operated only a few exit points.
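To make the figures above concrete, here is an added example (not from the article or from Nusenu's tooling) that works through the kind of check a relay-monitoring defender would run: flag relays that publish no ContactInfo, compute a labelled group's share of consensus weight per circuit position, and combine guard and middle shares into a circuit-level exposure probability. The relay descriptors, the "cluster-x" family label and the flag-only eligibility rule are constructed assumptions; real Tor path selection also applies bandwidth-weight corrections.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    fingerprint: str
    flags: frozenset
    consensus_weight: int
    contact: str = ""
    family: str = ""  # label an analyst assigned after grouping; "" means unattributed


# Constructed sample relays (not real Tor descriptors); "cluster-x" stands in for a KAX17-style group.
SAMPLE = [
    Relay("AAAA", frozenset({"Guard", "Running"}), 3000, "admin@example.org"),
    Relay("BBBB", frozenset({"Guard", "Running"}), 1000, "", "cluster-x"),
    Relay("CCCC", frozenset({"Guard", "Exit", "Running"}), 2000, "ops@example.net"),
    Relay("DDDD", frozenset({"Running"}), 2000, "", "cluster-x"),
    Relay("EEEE", frozenset({"Running"}), 1000, "", "cluster-x"),
    Relay("FFFF", frozenset({"Exit", "Running"}), 1000, "exit@example.com"),
]


def no_contact(relays):
    """Fingerprints of relays that published no ContactInfo, the trait the article highlights."""
    return [r.fingerprint for r in relays if not r.contact.strip()]


def position_share(relays, family, position):
    """Fraction of consensus weight that `family` holds among relays eligible for a circuit position.
    Simplification: guards need the Guard flag, exits the Exit flag, any Running relay may be a middle."""
    need = {"guard": "Guard", "exit": "Exit", "middle": "Running"}[position]
    eligible = [r for r in relays if need in r.flags]
    total = sum(r.consensus_weight for r in eligible)
    owned = sum(r.consensus_weight for r in eligible if r.family == family)
    return owned / total if total else 0.0


def circuit_exposure(guard_share, middle_share):
    """Probability that the guard or the middle hop (or both) of a 3-hop circuit belongs to the group,
    treating the two selections as independent draws."""
    return 1.0 - (1.0 - guard_share) * (1.0 - middle_share)


if __name__ == "__main__":
    print("relays without ContactInfo:", no_contact(SAMPLE))
    g = position_share(SAMPLE, "cluster-x", "guard")
    m = position_share(SAMPLE, "cluster-x", "middle")
    print(f"guard share {g:.1%}, middle share {m:.1%}, circuit exposure {circuit_exposure(g, m):.1%}")
```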
Recent findings demonstrate that anonymity networks, which are supposed to be private, can be compromised as well. The discoveries were shared with the Tor Project, and all of the exit relays that had been set up in October 2020 were taken down. Malicious relays that were set up between October and November were also removed.