Domain fronting is a technique used by app and website developers to circumvent internet censorship by hiding the true endpoint of a connection – particularly to avoid government interference.
In recent times, however, it has increasingly become a convenient tool for purveyors of malware. As a result, leading cloud service providers Google and Amazon have both recently announced that they are killing off domain fronting on their infrastructure and clearing out any apps that continue to use it on their servers.
Cybercriminals have started to use domain fronting to cover their tracks and impede the dismantling of their operations by law enforcement. As is often the case, some of the impetus for this ban has come from nefarious activities by cyber-espionage units with links to Russian intelligence agencies.