A new version of a known network-address translation (NAT) slipstreaming attack has been uncovered. It would allow remote attackers to reach multiple internal network devices, even if those devices don t have access to the internet. Attackers can execute an attack by convincing one target with internet access on the network to click on a malicious link. From there, cybercriminals can gain access to other, non-exposed endpoints, including unmanaged devices like industrial controllers, with no further social engineering needed.
Source: https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/