"Hackers Increasingly Abuse Cloudflare Tunnels for Stealthy Connections"
There has been a rise in the abuse of the legitimate Cloudflare Tunnels feature by hackers to establish stealthy HTTPS connections from compromised devices, circumvent firewalls, and maintain long-term persistence. In January 2023, Phylum reported that threat actors had created malicious PyPI packages that used Cloudflare Tunnels to stealthily steal data or remotely access devices. GuidePoint's DFIR and GRIT teams recently reported increased activity, suggesting that more threat actors are adopting this technique. Cloudflare Tunnels is a popular Cloudflare feature that lets users create secure, outbound-only connections from a web server or application to the Cloudflare network. Users deploy a tunnel by installing one of the available clients for Linux, Windows, macOS, and Docker. The service is then exposed to the Internet on a user-specified hostname, which supports legitimate use cases such as resource sharing and testing. This article continues to discuss hackers increasingly abusing the legitimate Cloudflare Tunnels feature.
Bleeping Computer reports "Hackers Increasingly Abuse Cloudflare Tunnels for Stealthy Connections"
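As an added defender-side example (not code from the article or from Cloudflare), the following Python sweeps constructed process-creation and DNS log lines for signs of a tunnel client on a host and correlates the evidence per host. The cloudflared binary name, its tunnel sub-command (which still shows when the binary is renamed), and the argotunnel.com, cfargotunnel.com and trycloudflare.com domains are assumptions taken from Cloudflare's own documentation; the log format and sample lines are constructed.

```python
import re
from dataclasses import dataclass

# Indicators assumed for this example, not taken from the article: the
# cloudflared client binary, its "tunnel" sub-command, and Cloudflare domains
# tied to tunnels (argotunnel.com edge connections, cfargotunnel.com CNAME
# targets, trycloudflare.com ad-hoc "quick" tunnels).
TUNNEL_DOMAINS = ("argotunnel.com", "cfargotunnel.com", "trycloudflare.com")
BINARY_RE = re.compile(r"(?:^|[\\/\s\"'])cloudflared(?:\.exe)?(?:[\s\"']|$)", re.I)
# The sub-command still shows even when the binary is renamed to blend in.
SUBCMD_RE = re.compile(r"\btunnel\s+(?:run|--url|--token)\b", re.I)

@dataclass(frozen=True)
class Finding:
    host: str
    kind: str       # "process" or "dns"
    evidence: str

def scan(lines):
    """Scan 'KIND<TAB>host<TAB>value' log lines for tunnel-client activity."""
    findings = []
    for line in lines:
        try:
            kind, host, value = line.rstrip("\n").split("\t", 2)
        except ValueError:
            continue  # malformed line: skip rather than crash the sweep
        if kind == "PROC" and (BINARY_RE.search(value) or SUBCMD_RE.search(value)):
            findings.append(Finding(host, "process", value))
        elif kind == "DNS":
            q = value.lower().rstrip(".")
            if any(q == d or q.endswith("." + d) for d in TUNNEL_DOMAINS):
                findings.append(Finding(host, "dns", value))
    return findings

def correlate(findings):
    """Map host -> set of evidence kinds; both kinds together rank highest."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.kind)
    return by_host

# Constructed sample telemetry: two hosts running a tunnel client, one benign.
SAMPLE_LOG = [
    "PROC\tws-17\tC:\\Program Files\\cloudflared\\cloudflared.exe tunnel run --token <REDACTED>",
    "PROC\tws-17\tcurl https://www.example.com/",
    "PROC\tsrv-02\t/tmp/.cache/updater tunnel --url http://localhost:8080",
    "DNS\tws-17\tregion1.v2.argotunnel.com",
    "DNS\tsrv-02\tregion2.v2.argotunnel.com",
    "DNS\tdb-01\twww.example.com",
]
```

Hosts that show both a matching process and a matching DNS query are the ones to triage first; a DNS hit alone can also come from a browser visiting a site fronted by someone else's tunnel.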