AI Threat Forecast 2026-03-25T18:00:30.194890 #560

Threat Intelligence Briefing

Analysis period: 2026-03-25T12:00:02.185373 - 2026-03-25T18:00:02.185373 (6 hours)

Executive Summary

Global threat volume spiked by over 120% compared to the previous 6-hour period, representing a significant deviation from routine activity. This surge is primarily driven by attacks and malware C2 traffic, with notable SSH brute-force clusters originating from IPs in Russia (ASN 48347, 176.120.22.0/24) and Bulgaria. Nordic traffic remains stable and consistent with its typical low baseline; Sweden, Norway, and Finland show no anomalous patterns. This spike is part of a multi-day SSH-focused campaign, not isolated ephemeral noise. Focus defensive actions on the identified SSH brute-force clusters by CIDR range and ASN rather than individual IPs. Consider implementing temporary rate-limiting rules for SSH traffic from Eastern European networks. Prioritize investigating this campaign over routine background spam or web attacks, which remain at expected levels. Ensure SSH services are not exposed to the public internet where possible.