New Sandworm Tradecraft Uses SSH-over-Tor Tunnel for Long-Term Hidden Persistence

The Sandworm threat group is employing a new SSH-over-Tor tunnel technique for long-term hidden persistence in targeted cyberattacks. The method layers SSH inside Tor, producing a dual-layer anonymous tunnel disguised as normal network traffic that lets the attackers maintain encrypted remote control and access sensitive data while evading detection.
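A defender-side check for this style of persistence, added here as an example and not part of the article or any Sandworm tooling: it assumes the hidden SSH access is implemented by pointing a Tor onion service at the host's own sshd (the `HiddenServiceDir`/`HiddenServicePort` directives are real torrc options; the sample torrc, directory names and port numbers are constructed).

```python
"""Audit a torrc for onion services that forward traffic to the local sshd.

Assumption (not stated in the article): the SSH-over-Tor persistence works by
publishing a Tor onion service whose HiddenServicePort target is the host's
sshd, so the operator reaches SSH without any inbound port being exposed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HiddenSshExposure:
    service_dir: str   # HiddenServiceDir the mapping belongs to
    virtual_port: int  # port advertised on the .onion address
    target: str        # local target the onion traffic is forwarded to


_DIR_RE = re.compile(r"^HiddenServiceDir\s+(\S+)", re.IGNORECASE)
_PORT_RE = re.compile(r"^HiddenServicePort\s+(\d+)(?:\s+(\S+))?", re.IGNORECASE)


def _target_port(target: str) -> int:
    """Extract the local port from a HiddenServicePort target ('port', 'host:port', 'unix:...')."""
    if target.startswith("unix:"):
        return -1                      # unix socket target: no port to compare
    if target.isdigit():
        return int(target)             # bare port means 127.0.0.1:<port>
    return int(target.rsplit(":", 1)[1])


def find_hidden_ssh_services(torrc_text, ssh_ports=frozenset({22})):
    """Return every onion-service port mapping whose local target is an sshd port."""
    findings = []
    current_dir = None
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # torrc comments start with '#'
        if not line:
            continue
        m = _DIR_RE.match(line)
        if m:
            current_dir = m.group(1)            # following ports belong to this service
            continue
        m = _PORT_RE.match(line)
        if m and current_dir is not None:
            vport = int(m.group(1))
            # Tor defaults a missing target to the same port on 127.0.0.1.
            target = m.group(2) or f"127.0.0.1:{vport}"
            if _target_port(target) in ssh_ports:
                findings.append(HiddenSshExposure(current_dir, vport, target))
    return findings


# Constructed sample torrc: a benign web onion service plus a second service
# that advertises an unusual port but forwards to the local sshd.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/web/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /var/lib/tor/.cache/   # constructed: dot-directory to blend in
HiddenServicePort 44321 127.0.0.1:22
"""

if __name__ == "__main__":
    for f in find_hidden_ssh_services(SAMPLE_TORRC):
        print(f"onion port {f.virtual_port} -> {f.target} ({f.service_dir})")
```

Pass the ports from the host's actual `sshd_config` as `ssh_ports` if sshd does not listen on 22.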

Edward Kiledjian @ekiledjian