Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

A large-scale web traffic hijacking campaign has been uncovered, exploiting malicious NGINX configurations to redirect user traffic through attacker-controlled servers. This campaign primarily targets Asian TLDs, Chinese hosting infrastructure like Baota Panel, and government/educational domains, utilizing shell scripts to inject compromised configurations into NGINX.

Edward Kiledjian @ekiledjian