
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, November 19th, 2025: KongTuke; Cloudflare Outage
Nov 19, 2025

Today's discussion dives into the evolving threat of KongTuke, tracing its origins to a ClickFix attack. The complexities of traffic direction systems are unpacked, illustrating their significance in the cyber underground economy. A major outage at Cloudflare is attributed to a faulty bot protection configuration, highlighting the risks of automated scripts. Additionally, Google addresses urgent vulnerabilities in Chrome, including a zero-day exploit already in the wild, stressing the importance of quick updates.
ClickFix Leads To KongTuke Proxy Network
- Brad Duncan documented a ClickFix variant that tricks victims into pasting PowerShell commands.
- That ClickFix lure installed KongTuke, a traffic direction system used as a proxy network for attackers.
TDS Acts As Rented Proxy Infrastructure
- Traffic Direction Systems (TDS) like KongTuke act as chained proxies to obscure attacker traffic.
- These malicious proxy networks are often rented out, forming a key service in the cybercriminal economy.
Cloudflare Outage Hit Many Major Services
- Johannes Ullrich noted that he had previously felt lucky because ISC did not use AWS when AWS had its outage.
- That luck ran out when Cloudflare suffered a large multi-hour outage affecting many major sites and AI services.
