Threat Intelligence Briefing
Analysis period: 2026-06-21T18:00:02.358891 - 2026-06-22T00:00:02.358891 (6 hours)
Executive Summary
Global threat activity decreased by 14.5% compared to the previous 6-hour period, with 121,383 total threats reported—consistent with the 7-day average and indicating routine background noise. Reconnaissance remains dominant (94% of all threats), primarily from known IP clusters in the US, China, and Germany. Nordic countries show stable patterns: Sweden and Finland report expected levels of brute-force and botnet activity, while Norway and Denmark remain low-volume, reconnaissance-focused. No new campaigns or infrastructure emerged; observed IPs like <a href="https://ip.wayscloud.services/ip-intelligence/80.94.92.128" target="_blank">80.94.92.128</a> (<a href="https://ip.wayscloud.services/country-intelligence/RO" target="_blank">RO</a>) are repeat offenders linked to long-standing SSH brute-force clusters.
Consider temporary blocking or rate-limiting for CIDR ranges tied to Unmanaged Ltd and TechOff Srv Limited, which show concentrated malicious behavior despite low IP counts. Deprioritize individual residential IPs from Microsoft or Tencent, as their activity is sporadic and within normal cloud scanning baselines. Focus on ASN-level patterns in RO, LU, and BG, where repeat-offender IPs operate; these pose higher risk than isolated events.