Threat Intelligence Briefing
Analysis period: 2026-06-12T06:00:02.139177 - 2026-06-12T12:00:02.139177 (6 hours)
Executive Summary
Global threat activity spiked +115.6% compared to the prior 6-hour period, a significant deviation from the 7-day average. This surge is driven by coordinated reconnaissance and brute-force campaigns originating primarily from Romanian IP blocks under ASNs linked to Unmanaged Ltd and Techoff Srv Limited. Multiple IPs in the 80.94.92.0/24 and 2.57.121.0/24 ranges show repeat malicious patterns, indicating infrastructure reuse rather than ephemeral scanning. Nordic exposure remains proportionally low but aligns with global trends—Sweden and Finland report elevated SSH brute-force attempts, consistent with broader Eastern European-based clusters.
Consider temporary blocking or rate-limiting the 80.94.92.0/24 and 2.57.121.0/24 CIDR ranges due to persistent multi-category threats. Deprioritize isolated reputation_low events from residential ISPs unless paired with active exploit attempts. Focus on pattern-based detection over individual IP blocking, as threat infrastructure shows re-use across malware and brute-force campaigns.
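The triage rule recommended above, as an added example that is not part of the original briefing: events are grouped by source /24, ranges with several IPs and several threat categories are flagged for rate-limiting, and reputation_low-only ranges are deprioritized. The event field names, the action labels, the thresholds and every category label except reputation_low are assumptions, and the sample events use constructed RFC 5737 documentation addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (documentation addresses, not real indicators).
# Field names and category labels other than "reputation_low" are assumed.
EVENTS = [
    {"src": "198.51.100.10", "category": "ssh_bruteforce"},
    {"src": "198.51.100.10", "category": "port_scan"},
    {"src": "198.51.100.77", "category": "ssh_bruteforce"},
    {"src": "198.51.100.77", "category": "malware"},
    {"src": "203.0.113.5", "category": "reputation_low"},
    {"src": "192.0.2.44", "category": "reputation_low"},
    {"src": "192.0.2.44", "category": "exploit_attempt"},
    {"src": "not-an-ip", "category": "port_scan"},  # malformed, skipped
]


def triage(events, prefix_len=24, min_ips=2, min_categories=2):
    """Group events by source network and return {network: action}."""
    ips = defaultdict(set)   # network -> distinct source addresses
    cats = defaultdict(set)  # network -> distinct threat categories
    for ev in events:
        try:
            addr = ipaddress.ip_address(ev["src"])
        except ValueError:
            continue  # ignore unparseable source fields
        # Aggregate IPv4 at prefix_len; use /64 for IPv6 sources.
        plen = prefix_len if addr.version == 4 else 64
        net = str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
        ips[net].add(addr)
        cats[net].add(ev["category"])

    actions = {}
    for net in ips:
        if cats[net] == {"reputation_low"}:
            # Reputation hit with no accompanying activity: low priority.
            actions[net] = "deprioritize"
        elif len(ips[net]) >= min_ips and len(cats[net]) >= min_categories:
            # Several hosts, several categories: reused infrastructure.
            actions[net] = "rate_limit_range"
        else:
            # Includes reputation_low paired with other activity.
            actions[net] = "investigate"
    return actions


if __name__ == "__main__":
    for network, action in triage(EVENTS).items():
        print(f"{network:18} {action}")
```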