Chinese-backed threat actors are increasingly relying on covert operational relay box (ORB) networks to conduct espionage operations. These networks, composed of compromised devices such as virtual private servers and IoT devices, enable espionage operators to evade detection and complicate attribution, ultimately shifting the advantage in their favor. Mandiant's report highlights the use of ORBs by Chinese nation-state groups like Volt Typhoon, detailing how these networks raise the cost of defending enterprise networks and allow multiple threat actors to leverage the same infrastructure for cyber espionage campaigns.

Chinese hackers use covert proxy networks to avoid detection

By using ORBs, threat actors disguise traffic between their infrastructure and target environments. This poses challenges for defenders, including indicators of compromise that become useless and added attribution complexity. Mandiant emphasizes the need for enterprises to track ORBs as evolving entities, akin to APT groups, to effectively combat the increasing threat posed by ORB networks.
https://www.infosecurity-magazine.com/news/chinese-apt-orb-networks/