Threat Intelligence Briefing

Global threat volume increased by 26.5% versus the previous period, a significant deviation from the 7-day average. This surge is primarily driven by attacks and malware C2 activity, consistent with a global campaign rather than routine noise. Nordic activity remains low and stable, with Sweden showing the most activity at 9 events across multiple categories, which is consistent with its typical baseline. The top threat IPs are heavily concentrated in SSH brute force attacks, predominantly originating from Eastern European and Asian networks. Focus on the pattern of SSH brute force from ASNs in BG, RU, and TM rather than individual IPs, as these are likely part of coordinated campaigns. Consider implementing temporary rate-limiting on SSH services and review authentication logs for these source regions. No immediate action is required for Nordic-specific traffic, as it aligns with expected background levels.