Hacking groups are increasingly using operational relay box networks (ORBs) to disguise the origin of their attacks. Because the makeup of these networks changes rapidly, defenders find it harder to attribute attacks to specific groups. ORBs are similar to botnets: they are made up of virtual private servers and compromised IoT devices, which complicates tracking efforts. Mandiant warns that China-backed espionage operations favor ORBs to cover their tracks, with ORB networks constantly evolving and mimicking APT groups.

ORBs are a new way for hacking groups to hide their attacks

The complexity of ORBs requires security teams to shift their approach from traditional indicators of compromise to treating ORBs as dynamic entities. ORBs are not controlled by a single hacking group but are shared among multiple APT actors, requiring a deeper focus from enterprises to counter these evolving tactics. The rise of ORBs in China signifies a long-term investment in cyber operations, urging defenders to adapt their tracking and response strategies to combat this novel adversary.
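One way to treat relay nodes as time-bounded entities tied to a network rather than as static IP indicators tied to an actor, shown as an added example that is not part of the original article. The IP addresses, network labels, dates and the three-day grace period are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class NodeSighting:
    ip: str
    network: str           # label of the ORB network, not of an actor
    first_seen: datetime
    last_seen: datetime

# Constructed sample intel: documentation-range IPs, made-up network labels.
SIGHTINGS = [
    NodeSighting("192.0.2.10", "ORB-A", datetime(2024, 3, 1), datetime(2024, 3, 28)),
    NodeSighting("198.51.100.7", "ORB-A", datetime(2024, 4, 2), datetime(2024, 5, 1)),
    NodeSighting("192.0.2.10", "ORB-B", datetime(2024, 6, 10), datetime(2024, 6, 20)),
]

GRACE = timedelta(days=3)  # assumed tolerance around the observed window

def classify(ip, when, sightings=SIGHTINGS, grace=GRACE):
    """Return (verdict, network) for a connection from `ip` at time `when`."""
    hits = [s for s in sightings if s.ip == ip]
    if not hits:
        return ("unknown", None)
    active = [s for s in hits
              if s.first_seen - grace <= when <= s.last_seen + grace]
    if active:
        # Newest window wins when several networks used the same address.
        best = max(active, key=lambda s: s.last_seen)
        return ("active-node", best.network)
    # The address was a relay once, but not at this time. A static IoC
    # match would alert here even though the node has likely rotated out.
    return ("stale", None)

def triage(events, sightings=SIGHTINGS, grace=GRACE):
    """Keep only (ip, time) events that fall inside a relay's active window."""
    kept = []
    for ip, when in events:
        verdict, network = classify(ip, when, sightings, grace)
        if verdict == "active-node":
            kept.append((ip, when, network))
    return kept
```

The verdict names a relay network and a time window, so the same address can map to different networks at different dates and to no alert at all between them.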