KAX17 Runs Rogue Relays to Expose Tor Users
Researchers stumbled across a mischievous threat actor, dubbed KAX17, running over 900 malicious servers allegedly to deanonymize Tor users. Most of the Tor relay servers used by the group were located in data centers worldwide and were configured as entry and middle points. The recent findings show how anonymous networks meant to be private can be attacked as well.
