- Millions of devices, probably infected with malware, are being used in a hacking campaign
- Researchers spotted brute-force attacks on VPNs and other devices connected to the Internet
- The majority of IP addresses are located in Brazil
A wide range of virtual private networks (VPNs) and other networking devices are currently under attack by threat actors trying to break into larger networks, experts have warned.
Threat monitoring platform The Shadowserver Foundation warned on X about the ongoing attack, noting that someone is currently using around 2.8 million different IP addresses to try to guess passwords for VPNs and similar devices built by Palo Alto Networks, Ivanti, SonicWall and others.
In addition to VPNs, the threat actors are going after gateways, security appliances and other edge devices connected to the public Internet.
Brute force
To conduct the attack, the threat actors use MikroTik, Huawei, Cisco, Boa and ZTE routers and other devices connected to the Internet, probably compromised with malware or broken into thanks to weak passwords.
Speaking to BleepingComputer, The Shadowserver Foundation said the attack had recently increased in intensity.
Of these 2.8 million, the majority (1.1 million) are located in Brazil, with the rest distributed between Turkey, Russia, Argentina, Morocco and Mexico.
It is a typical brute-force attack, in which threat actors try to log in to a device by submitting a huge number of username/password combinations until one succeeds. Brute-force attacks generally succeed against devices protected by bad passwords (those that do not have a strong combination of uppercase and lowercase letters, numbers and special symbols). The entire process is automated, which allows for a larger scale.
The automation is made possible by malware. Usually, the devices used in the attack are part of a botnet or a residential proxy service. Residential proxies are IP addresses assigned to real devices by Internet service providers (ISPs). They give the impression that the user is browsing from a legitimate residential location rather than a data center, making them a major target for cybercriminals.
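Because the guessing is spread across millions of source addresses, a lockout rule that counts failures per IP sees almost nothing. The following is an added example, not taken from the article or from Shadowserver: a detection sketch that compares the per-IP rule with a count of distinct failing IPs per minute. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log (hypothetical format: ISO time, source IP, user, result).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = "\n".join(
    # 180 different IPs, one failed "admin" login each, spread over three minutes
    [f"2025-02-08T10:{i // 60:02d}:{i % 60:02d} 203.0.113.{i + 1} admin FAIL"
     for i in range(180)]
    # a legitimate user mistyping once, then succeeding
    + ["2025-02-08T10:05:10 198.51.100.7 alice FAIL",
       "2025-02-08T10:05:25 198.51.100.7 alice OK"]
    # a single noisy source hammering one account
    + [f"2025-02-08T10:06:{s:02d} 198.51.100.9 root FAIL" for s in range(8)]
)

def parse(log):
    """Yield (timestamp, ip, user, result) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def per_ip_offenders(log, max_failures=5):
    """Classic lockout rule: flag any single IP with more than max_failures failures."""
    fails = Counter(ip for _, ip, _, res in parse(log) if res == "FAIL")
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def distributed_windows(log, min_ips=50, max_per_ip=3):
    """Flag one-minute windows where many distinct IPs each fail only a few times."""
    buckets = defaultdict(Counter)
    for ts, ip, _, res in parse(log):
        if res == "FAIL":
            buckets[ts.replace(second=0, microsecond=0)][ip] += 1
    alerts = []
    for minute, ips in sorted(buckets.items()):
        quiet_sources = [ip for ip, n in ips.items() if n <= max_per_ip]
        if len(quiet_sources) >= min_ips:
            alerts.append((minute.strftime("%H:%M"), len(quiet_sources)))
    return alerts

if __name__ == "__main__":
    print("per-IP rule flags:", per_ip_offenders(SAMPLE_LOG))
    print("distributed windows:", distributed_windows(SAMPLE_LOG))
```

The per-IP rule catches only the single noisy source, while the distinct-IP count flags the three minutes in which 60 different addresses each tried once.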