A mysterious threat actor is running hundreds of malicious Tor relays
Since at least 2017, a threat actor has run thousands of servers in entry, middle, and exit positions of the Tor network in what a researcher has described as an attempt to deanonymize Tor users.
