A sophisticated hacking campaign is covertly hijacking NGINX servers by manipulating configuration files, enabling attackers to silently redirect web traffic through their own infrastructure. Here's how the operation works and why it's so difficult to uncover.