An unknown threat actor managed to control 27% of the Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. The attacks, which are said to have begun in January 2020, were first documented and exposed by the same researcher in August 2020. The main purpose of the attack, according to nusenu, is to carry out “person-in-the-middle” attacks on Tor users by manipulating traffic as it flows through its network of exit relays. The attacker appears to perform what’s called SSL stripping to downgrade traffic from HTTPS to HTTP.
Source: https://thehackernews.com/2021/05/over-25-of-tor-exit-relays-are-spying.html