Threat Intelligence Briefing
Analysis period: 2026-06-19T18:00:01.508460 - 2026-06-20T00:00:01.508460 (6 hours)
Executive Summary
Global threat activity remained stable with a +0.7% increase compared to the previous 6-hour period, consistent with the 7-day average. The vast majority of events were reconnaissance (95%), primarily originating from US, CN, and DE-based infrastructure. No significant deviations in attack types or geographies were observed. Nordic countries showed baseline-normal behavior, with SE and FI reporting expected levels of web and SSH brute-force activity. The top individual IPs are linked to Romanian and Bulgarian networks, specifically ASNs under Unmanaged Ltd and TechOff Srv Limited, showing clustered brute-force behavior across SSH services.
Consider temporary blocking or rate-limiting the /25 subnet around 80.94.92.0/24 due to recurring brute-force patterns from multiple IPs in the same range. Deprioritize isolated SSH attempts from residential ISPs unless part of broader campaigns. Focus monitoring on Unmanaged Ltd and TechOff Srv Limited ASNs given repeated association with coordinated scanning. No urgent action needed for tor_exit nodes—volume remains within normal thresholds.