An unidentified threat actor is conducting brute-force attacks targeting over 2.8 million VPN and network devices worldwide. Threat monitoring platform The Shadowserver Foundation posted the reports to X, highlighting a wave of intrusion attempts against networks using devices from Palo Alto, Ivanti, and SonicWall.
The attacks are concentrated in Brazil, Turkey, Russia, and Argentina, with 1.1 million of the 2.8 million affected devices located in Brazil. The foundation also reports that the brute-force attacks are primarily targeting vulnerable edge (network) devices - particularly compromised routers from manufacturers such as MikroTik, Huawei, Cisco, Boa, and ZTE. Threat actors are leveraging a botnet or residential proxy network to disguise malicious traffic, making detection and mitigation more difficult.
The companies above often provide enterprise-level VPNs used for remote work and secure corporate access, making them targets for network infiltration. As reported by TechRadar, the attack fits the profile of a conventional brute-force attack, in which threat actors submit large numbers of username and password combinations until one succeeds. Devices with weak or reused credentials are therefore particularly vulnerable.
The attack primarily affects businesses and corporate networks - particularly those that rely on VPNs for remote access. Government agencies, financial institutions, and enterprises face the highest risk, but small businesses with outdated network security may also be affected.
Organizations using affected devices should apply firmware updates and security patches immediately, strengthen password policies, and review network access controls to mitigate potential threats.
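Because the login attempts arrive through a botnet or residential proxy network, each source address may fail only a handful of times, so a per-IP lockout threshold never fires. The following is an added example, not code from Shadowserver or any vendor named above: it compares a per-IP rule with a per-account rule that counts distinct failing sources. The log format, account names, addresses (documentation ranges) and thresholds are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example (not any vendor's real format).
LINE_RE = re.compile(r"^(\S+) auth result=(OK|FAIL) user=(\S+) src=(\S+)$")

def parse(lines):
    """Return sorted (time, ok, user, src, line_no) tuples; skip malformed lines."""
    events = []
    for n, line in enumerate(lines):
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2) == "OK", m.group(3), m.group(4), n))
    return sorted(events)

def flag(events, key, value, limit, window=timedelta(minutes=10)):
    """Keys whose failed logins show > limit distinct values inside any window."""
    fails = defaultdict(list)
    for ev in events:
        if not ev[1]:
            fails[ev[key]].append((ev[0], ev[value]))
    flagged = set()
    for k, items in fails.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            if len({v for _, v in items[start:end + 1]}) > limit:
                flagged.add(k)
    return flagged

def noisy_sources(events, limit=5):        # per-IP rule: failures per source
    return flag(events, key=3, value=4, limit=limit)
def targeted_accounts(events, limit=10):   # per-account rule: distinct failing sources
    return flag(events, key=2, value=3, limit=limit)

def sample_log():
    """Constructed data: 40 sources fail twice each on svc-vpn; alice mistypes twice."""
    t0, lines = datetime(2025, 1, 1, 8, 0, 0), []
    for n in range(80):
        ts = t0 + timedelta(seconds=10 * (n // 2) + 3 * (n % 2))
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} auth result=FAIL user=svc-vpn src=198.51.100.{n // 2 + 1}")
    return lines + [f"2025-01-01T08:01:{s:02d}Z auth result={r} user=alice src=192.0.2.10"
                    for s, r in ((0, "FAIL"), (20, "FAIL"), (40, "OK"))] + ["truncated line"]

if __name__ == "__main__":
    ev = parse(sample_log())
    print("per-IP rule:", noisy_sources(ev), "| per-account rule:", targeted_accounts(ev))
```

On the constructed data the per-IP rule flags nothing, while the per-account rule flags `svc-vpn` and leaves the user who mistyped a password twice alone.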