Operational Relay Box Networks (ORBs)
Chinese-linked hacking units increasingly use 'ORBs' to obfuscate espionage
The obfuscation networks — known as “operational relay box networks,” or ORBs — are not operated directly by government-controlled hacking units, the researchers said. Instead, they’re administered by contractors or other administrators within China and are frequently used by multiple Chinese government-linked hacking campaigns as part of espionage or reconnaissance efforts.
ORB networks are composed of “nodes,” or individual physical or virtual devices, that are typically routers or leased virtual private servers.
ORB network-hosted infrastructure, such as domains or IP addresses, has a short lifespan, meaning that traditional clues and indicators used by defenders to spot and remedy adversarial operations are increasingly less relevant.
“Rather than waiting to be reactive, or responsive to block each IP as an indicator of compromise, you should be trying to look at the patterns of infrastructure that they’re registering, what types of routers they are compromising, what ports and services do we know that they’re coming from.”
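To make the quoted advice concrete, here is an added example (not from the article or the researchers) contrasting a stale IP blocklist with a pattern-based grouping of sources by ASN, device class, port and service; the log lines, enrichment table and blocklist are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real traffic): ts src_ip dst_port service
SAMPLE_LOG = """\
2024-05-22T10:01:02Z 203.0.113.10 443 vpn-login
2024-05-22T10:01:05Z 203.0.113.10 443 vpn-login
2024-05-22T10:02:10Z 198.51.100.7 443 vpn-login
2024-05-22T10:03:44Z 192.0.2.55 443 vpn-login
2024-05-22T10:04:00Z 192.0.2.56 443 vpn-login
2024-05-22T10:05:01Z 203.0.113.200 443 webmail
"""

# Constructed enrichment, standing in for what an ASN lookup or device-fingerprint feed supplies.
ENRICHMENT = {
    "203.0.113.10": ("AS64500", "soho-router"),
    "198.51.100.7": ("AS64500", "soho-router"),
    "192.0.2.55": ("AS64501", "vps"),
    "192.0.2.56": ("AS64501", "vps"),
    "203.0.113.200": ("AS64999", "residential-pc"),
}

# A stale indicator list: only the first node seen earlier; the others have already rotated in.
IOC_BLOCKLIST = {"203.0.113.10"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+)$")

def parse_log(text):
    """Parse the constructed log format into event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m.group(1), "src": m.group(2),
                           "dport": int(m.group(3)), "service": m.group(4)})
    return events

def ioc_matches(events, blocklist):
    """Indicator-based view: flags only source IPs already on the list."""
    return {e["src"] for e in events if e["src"] in blocklist}

def pattern_clusters(events, enrichment, min_sources=2):
    """Pattern-based view: group sources by (ASN, device class, port, service) and
    surface groups where several distinct IPs share one profile, which is how a
    rotating pool of relay nodes looks from the target side."""
    groups = defaultdict(set)
    for e in events:
        asn, device = enrichment.get(e["src"], ("unknown", "unknown"))
        groups[(asn, device, e["dport"], e["service"])].add(e["src"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_sources}
```

With the sample data the blocklist flags one address, while the profile grouping surfaces both the router pool and the VPS pool and leaves the single webmail source alone.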
With the number of cheap IoT smart home devices that people are buying from crapazon, I wouldn't be surprised if this number grows larger than it already has. Although these contractors are targeting modems and routers for a reason: fewer firewall restrictions (if any) and low visibility for detection. The easy way to find out if your device has been compromised is noticing if your IP is being blackholed or blacklisted by websites. Call the ISP for a new one and all good. Who needs security, am I right?