Threat Intelligence Briefing
Analysis period: 2026-06-22T06:00:01.651682 - 2026-06-22T12:00:01.651682 (6 hours)
Executive Summary
Global threat activity surged +122.1% compared to the prior 6-hour period, a significant deviation from typical levels. Reconnaissance and low-reputation traffic dominated, with notable clusters from Romanian and Bulgarian IP blocks linked to brute-force campaigns. While US and Chinese sources remain consistently high, the spike is primarily driven by new activity in Eastern European residential networks, particularly ASNs under Unmanaged Ltd and smaller hosting providers. Nordic exposure remains proportionate to regional digital footprint, with Sweden and Finland reflecting typical patterns of broad-spectrum scanning. No novel TTPs observed; this aligns with known automated scanning infrastructure scaling up.
Consider temporary blocking or rate-limiting for /24 ranges tied to 80.94.92.0/24 (<a href="https://ip.wayscloud.services/country-intelligence/RO" target="_blank">RO</a>) and 195.178.110.0/24 (<a href="https://ip.wayscloud.services/country-intelligence/BG" target="_blank">BG</a>), especially for SSH and web management ports. Deprioritize isolated events from Google and Microsoft cloud IPs, as they reflect background noise. Focus on ASN-level enforcement for Unmanaged Ltd and similar low-compliance providers rather than individual IPs to improve operational efficiency.