Threat Intelligence Briefing

Global threat volume decreased by 36.2% compared to the previous period, representing a significant deviation from the elevated baseline and a return to more routine levels. This decline was observed across all major categories, with attacks, spam, and brute-force remaining the top threats. Nordic countries showed stable, low-level activity consistent with their seven-day averages; Sweden recorded the highest volume with 15 events from 7 unique IPs, primarily involving attacks and brute-force. The top threat actors were concentrated in ASNs from Russia (<a href="https://ip.wayscloud.services/ip-intelligence/176.120.22.0" target="_blank">176.120.22.0</a>/24) and the Netherlands (<a href="https://ip.wayscloud.services/ip-intelligence/45.148.10.0" target="_blank">45.148.10.0</a>/24), focusing on SSH brute-force attacks. Given the sharp decline, this period represents a return to baseline activity rather than a new emerging threat. Defenders should maintain standard vigilance on SSH access points, particularly monitoring and potentially rate-limiting traffic from the identified Russian and Dutch CIDR blocks. No immediate, time-sensitive blocking recommendations are required, but continue to prioritize patching for high-severity vulnerabilities outlined in recent CERT-EU advisories.