Cybercriminals Move Deeper into Networks, Hiding in Edge Infrastructure

High severity — significant development or major threat actor activity
Basically, cybercriminals are hiding in devices that regular security tools can't see.
Cybercriminals are increasingly using edge infrastructure to hide their activities. This shift poses significant risks as traditional security measures often overlook these areas. Enhanced threat intelligence is crucial for early detection and prevention.
What Happened
Cybercriminals are shifting their focus towards edge infrastructure, which is often overlooked by traditional security measures. According to Lumen’s 2026 Threatscape Report, attackers are using proxy networks and edge devices as entry points into networks. This trend allows them to evade detection and maintain persistence within compromised systems.
Who's Behind It
The report highlights various threat actors, including both criminal organizations and nation-states. Notable campaigns like J-magic and Secret Blizzard have been active, utilizing unique methods to infiltrate networks and evade detection.
Tactics & Techniques
Attackers are now leveraging edge devices, such as routers and VPN gateways, as initial access points. This strategy allows them to remain hidden from endpoint detection and response (EDR) tools. For instance, Aisuru and DanaBot have been noted for their extensive use of proxy services and botnets, showcasing how modern attacks are evolving.
Defensive Measures
To combat these emerging threats, organizations must enhance their threat intelligence capabilities. Chris Kissel, IDC VP of Security & Trust, emphasizes the need for early detection to identify adversaries as close to the point of origination as possible. Implementing network intelligence is crucial for spotting and stopping attacks before they escalate.
The Growing Threat Landscape
The report also details the significant growth in botnet activity. For example, Aisuru recorded nearly 3 million IPs in 2025, indicating a massive scale of operations. The rapid evolution of these threats, particularly towards the end of 2025, demonstrates how quickly cybercriminals can adapt and rebuild their infrastructures.
Conclusion
As cybercriminals become more sophisticated, the need for robust security measures becomes increasingly critical. Organizations must prioritize visibility across all network layers, especially those that are traditionally less monitored, to effectively defend against these evolving threats.
🔍 How to Check If You're Affected
1. Monitor network traffic for unusual patterns or spikes.
2. Implement threat intelligence feeds to identify known malicious IPs.
3. Regularly audit edge devices for vulnerabilities and unauthorized access.
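The following Python sketch is an added example, not code from the Lumen report or this article. It applies the first two checks to edge devices by matching flow records against a threat intelligence feed and ranking hits on routers and VPN gateways first, since those have no EDR agent to raise the alert. The feed entries, device inventory, flow format and addresses are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All values below are constructed (RFC 5737 documentation ranges), not real indicators.
INTEL_FEED = ["203.0.113.0/24", "198.51.100.77/32"]
EDGE_DEVICES = {"10.0.0.1": "border-router", "10.0.0.2": "vpn-gateway"}
# Assumed flow export format: timestamp src dst dst_port bytes
FLOWS = """\
2026-01-10T02:00:01Z 10.0.0.1 203.0.113.45 443 1200
2026-01-10T02:00:05Z 10.0.0.2 192.0.2.10 443 800
2026-01-10T02:01:09Z 10.0.0.1 203.0.113.45 443 950000
2026-01-10T02:02:00Z 10.20.3.7 198.51.100.77 8080 300
2026-01-10T02:03:00Z 10.0.0.2 not-an-ip 443 10
"""

def parse_flows(text):
    """Yield (src, dst, bytes) per well-formed record; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[4]))
        except ValueError:
            continue  # a bad record should not abort the whole run

def match_flows(flow_text, feed, edge_devices):
    """Aggregate flows whose remote end is in the feed, edge devices first."""
    nets = [ipaddress.ip_network(e, strict=False) for e in feed]
    listed = lambda ip: any(ip in n for n in nets)
    agg = defaultdict(lambda: [0, 0])  # (local, remote) -> [flows, bytes]
    for src, dst, nbytes in parse_flows(flow_text):
        if listed(dst):
            key = (str(src), str(dst))
        elif listed(src):
            key = (str(dst), str(src))
        else:
            continue
        agg[key][0] += 1
        agg[key][1] += nbytes
    rows = [{"local": l, "remote": r, "flows": f, "bytes": b,
             "role": edge_devices.get(l, "not-in-edge-inventory")}
            for (l, r), (f, b) in agg.items()]
    # Edge devices sort first, then by volume: no endpoint agent covers them.
    rows.sort(key=lambda x: (x["local"] not in edge_devices, -x["bytes"]))
    return rows

if __name__ == "__main__":
    for row in match_flows(FLOWS, INTEL_FEED, EDGE_DEVICES):
        print(row)
```
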
🔒 Pro insight: The shift towards edge infrastructure highlights the necessity for comprehensive network visibility to detect and mitigate advanced persistent threats effectively.