Threat Intelligence Briefing

Global threat volume increased by 4.5% compared to the previous 6-hour period, remaining consistent with the 7-day average and representing routine background noise. SSH brute-force attacks from Russia (<a href="https://ip.wayscloud.services/asn-intelligence/12389" target="_blank">AS12389</a>, Rostelecom) and Bulgaria (<a href="https://ip.wayscloud.services/asn-intelligence/8866" target="_blank">AS8866</a>, Megalan) continue to dominate, with the top five IPs all associated with this activity. Nordic activity was minimal and stable, with Sweden showing three events and Finland one, all SSH-related. This pattern is not a deviation from typical baseline behavior for the region. Focus defensive actions on blocking SSH brute-force patterns from <a href="https://ip.wayscloud.services/asn-intelligence/12389" target="_blank">AS12389</a> and <a href="https://ip.wayscloud.services/asn-intelligence/8866" target="_blank">AS8866</a> CIDR ranges rather than individual ephemeral IPs. Prioritize patching internet-facing SSH servers and review CERT-EU advisory 2025-035 regarding exploited SNMP vulnerabilities. Deprioritize individual IPs from this dataset as they represent transient, automated noise.