The FBI warned about the prevalent use of proxies and configurations to mask and automate credential stuffing attacks. Threat actors extensively leveraged residential proxies instead of those connected to data centers to avoid triggering suspicious behavior monitors.