Threat Intelligence, 2022
Threat Alert: Exploited SSH Servers Offered in the Dark Web as Proxy Pools
By Assaf Morag
Research reveals how compromised SSH servers are being sold on dark web markets as proxy pools, enabling anonymous access and malicious activities. This represents a growing market for compromised infrastructure.
Attackers exploit SSH servers with weak credentials or vulnerabilities, then sell access to these servers on dark web marketplaces. Buyers use these compromised servers as proxies to anonymize their malicious activities.
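A defender can look for the weak-credential entry point described above in sshd authentication logs. The following is an added example, not code from the original research: it flags source addresses where a run of failed password attempts ends in an accepted password login. The log lines are constructed, the addresses come from documentation ranges, and the threshold of three failures is an assumption to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sshd log lines in OpenSSH's message format (not real data).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:05 host sshd[812]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 10 03:12:09 host sshd[813]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Jan 10 08:30:44 host sshd[990]: Failed password for alice from 198.51.100.20 port 51544 ssh2
Jan 10 08:30:51 host sshd[990]: Accepted password for alice from 198.51.100.20 port 51544 ssh2
Jan 10 09:02:10 host sshd[1002]: Accepted publickey for deploy from 198.51.100.31 port 50022 ssh2
"""

# Matches both "Failed <method> for [invalid user ]<user> from <ip>" and
# "Accepted <method> for <user> from <ip>".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_guessed_logins(log_text, min_failures=3):
    """Return (ip, user, failures) for each accepted password login that
    follows at least min_failures failed password attempts from the same IP."""
    failures = defaultdict(int)  # failed password attempts per source IP
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, method = m["ip"], m["method"]
        if m["result"] == "Failed":
            if method == "password":
                failures[ip] += 1
            continue
        # Accepted login: only password logins can be the result of guessing.
        if method == "password" and failures[ip] >= min_failures:
            alerts.append((ip, m["user"], failures[ip]))
        failures[ip] = 0  # start a new run after any successful login
    return alerts


if __name__ == "__main__":
    for ip, user, count in find_guessed_logins(SAMPLE_LOG):
        print(f"{ip}: password login as {user} after {count} failed attempts")
```

A hit from this check is a reason to rotate the account's credentials and review what the session did, since a single mistyped password followed by a success (the alice line) stays below the threshold by design.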
Market Dynamics
- Commoditization of compromised infrastructure
- Easy access to proxy networks for attackers
- Difficulty in tracking malicious activities through proxy chains
- Financial incentive for attackers to compromise more servers