Threat Intelligence Briefing
Analysis period: 2026-06-13T06:00:01.607096 - 2026-06-13T12:00:01.607096 (6 hours)
Executive Summary
Global threat activity increased sharply, up 125.0% versus the previous period, with 305,198 total threats, well above the 7-day average. The surge is driven by reconnaissance (109k events) and malware infrastructure (55k), primarily from US-, CN-, and DE-based IPs. Notably, Romanian and Bulgarian IPs linked to SSH brute-force campaigns, such as <a href="https://ip.wayscloud.services/ip-intelligence/80.94.92.128" target="_blank">80.94.92.128</a> and <a href="https://ip.wayscloud.services/ip-intelligence/195.178.110.30" target="_blank">195.178.110.30</a>, are clustered under low-reputation ASNs. Nordic exposure remains proportionally low but aligns with broader patterns; Sweden and Finland report elevated brute-force and web attacks. This is a clear deviation, not background noise.
Consider temporary blocking or rate-limiting for IP clusters tied to Unmanaged Ltd, Techoff Srv Limited, and known malicious ranges in Romania (<a href="https://ip.wayscloud.services/country-intelligence/RO" target="_blank">RO</a>) and Bulgaria (<a href="https://ip.wayscloud.services/country-intelligence/BG" target="_blank">BG</a>). Focus on ASN-level patterns rather than individual IPs, as infrastructure is ephemeral. Deprioritize isolated reputation_low events from residential ISPs unless paired with active exploitation. No new zero-day indicators; activity reflects ongoing automated scanning with increased intensity.