Encrypted traffic interception on Hetzner and Linode

may

may@weatherInMay

The attacker has issued several new TLS certificates using Let’s Encrypt service which were used to hijack encrypted STARTTLS connections on port 5222 using transparent MiTM proxy.