Mass Scanning and Exploit Campaigns
May 21, 2025, 9:05 p.m.
Description
Trustwave SpiderLabs has identified ongoing malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns. The investigation revealed connections between Proton66 and bulletproof hosting services advertised on underground forums. Mass scanning and exploit campaigns targeting multiple sectors were observed, with technology and financial organizations being the most common targets. A specific IP address linked to SuperBlack ransomware operators was found distributing critical exploits. The analysis also uncovered a potential rebranding of underground hosting services and shifts in IP addresses between different ASNs, suggesting relationships between providers.
Date
- Created: May 16, 2025, 8:51 a.m.
- Published: May 16, 2025, 8:51 a.m.
- Modified: May 21, 2025, 9:05 p.m.
Indicators
Attack Patterns
- SuperBlack
- Proton66
Additional Information
- Retail
- Technology
- Healthcare
- Finance
- Government
- Manufacturing