Threat Intelligence Briefing

Global threat activity spiked significantly, with a 55.6% increase from the previous period, representing a major deviation from routine levels. Malware C2 and attack traffic dominated, primarily originating from US, GB, and IN ASNs. Nordic traffic remained stable and consistent with their 7-day averages, showing no unusual deviations. The top threat actors, including IPs from <a href="https://ip.wayscloud.services/asn-intelligence/14061" target="_blank">AS14061</a> (DigitalOcean) and <a href="https://ip.wayscloud.services/asn-intelligence/51167" target="_blank">AS51167</a> (Contabo), are conducting sustained SSH brute-force campaigns that have been active for several weeks, not new emergent threats. Prioritize monitoring traffic from these provider networks, as individual IPs within them are highly ephemeral. Consider implementing temporary rate-limiting rules for SSH connections from high-risk ASNs exhibiting brute-force patterns, as this is more effective than blocking single IPs. Deprioritize the low-volume Nordic alerts, which represent background noise.