8.0 CRITICAL

New Sandworm Tradecraft Uses SSH-over-Tor Tunnel for Long-Term Hidden Persistence

📅 28 April 2026 at 11:09 UTC 📰 Cyber Security News

A state-sponsored threat group, Sandworm (also tracked as APT-C-13 and FROZENBARENTS), has launched a targeted cyberattack campaign using a combined SSH and Tor tunneling technique to maintain long-term hidden access inside victim networks. This campaign marks a clear upgrade from the group’s earlier intrusion tactics, shifting from simple malware callbacks toward a fully anonymous, encrypted […]

🤖 AI Briefing: Auto-generated threat analysis

🔍 Threat Overview

Sandworm (also tracked as APT-C-13 and FROZENBARENTS) has upgraded its intrusion tactics, using a combined SSH and Tor tunneling technique to maintain long-term hidden access inside victim networks. This marks a shift from simple malware callbacks to fully anonymous, encrypted attacks.

⚙️ Technical Details
Affected Systems: Victim networks
Attack Vectors: SSH-over-Tor tunnel

💥 Impact Assessment
Severity: Critical
Who Is at Risk: Organizations with networks vulnerable to targeted cyberattacks by state-sponsored threat groups

🛡️ Recommended Actions
1. Implement robust network segmentation and monitoring to detect unusual SSH activity
2. Regularly update and patch SSH servers to prevent exploitation of known vulnerabilities
3. Deploy intrusion detection systems (IDS) with Tor traffic analysis capabilities

📦 Affected Products
Software: SSH servers


This is a curated summary. The complete article is available at Cyber Security News.
