CISA Alert: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about malicious cyber actors using network tunneling and spoofing to obfuscate geolocation. According to the alert, attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location. Because threat actors can use these techniques to obfuscate their location, it is not possible to identify the true physical location of malicious activity based solely on the geolocation of Internet Protocol (IP). The alert discusses how threat actors use these obfuscation techniques to mislead incident responders. In addition to being knowledgeable about threat actor obfuscation techniques, CISA encourages incident responders to review a list of best practices in the alert to strengthen the security posture of their systems. Read the alert at CISA.