Threat Intelligence Briefing
Analysis period: 2026-06-10T06:00:02.226611 - 2026-06-10T12:00:02.226611 (6 hours)
Executive Summary
Global threat activity surged 119.1% compared to the prior 6-hour period, a significant deviation from the 7-day average. The spike is driven by reconnaissance and malware infrastructure campaigns, primarily from IP clusters in Romania (RO) and Bulgaria (BG), with notable activity tied to Unmanaged Ltd and TechOff Srv Limited. Nordic countries remain within expected thresholds, though SE and FI show elevated reconnaissance and SSH brute-force patterns consistent with broader trends. This is not background noise: campaigns have persisted for over 14 days, indicating coordinated infrastructure reuse. The US and China remain the top source countries, but growth is concentrated in Eastern European residential ISP networks.
Consider temporarily blocking or rate-limiting 80.94.92.0/24, 2.57.122.0/24, and 195.178.110.0/24 due to sustained malicious activity. Deprioritize isolated IPs from Google and Microsoft with single-digit reports, as these reflect opportunistic scanning, not targeted campaigns. Focus on ASN-level enforcement for Unmanaged Ltd and TechOff Srv Limited, where multi-category threats cluster.