| ID | Name |
|---|---|
| ATAGS-T1193.001 | Internal Proxy |
| ATAGS-T1193.002 | External Proxy |
| ATAGS-T1193.003 | Multi-hop Proxy |
| ATAGS-T1193.004 | Domain Fronting |
Threat Actors may chain together multiple proxies to disguise the source of malicious traffic. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy. This technique makes identifying the original source of the malicious traffic even more difficult by requiring the defender to trace malicious traffic through several proxies to identify its source.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.