A Massive Cyber Attack: 2.8 Million IPs Targeted
Millions of internet-connected devices are being targeted in a massive cyber attack. Security researchers at The Shadowserver Foundation, speaking to BleepingComputer, have observed a significant brute-force attack targeting a wide range of devices. The scale is enormous: approximately 2.8 million unique IP addresses are involved in this cyber attack.
The Targets: VPNs and More
The primary targets of this cyber attack are Virtual Private Network (VPN) devices. However, the attackers aren’t limiting themselves. They’re also targeting gateways, security appliances, and other edge devices connected to the internet. Popular brands like Palo Alto Networks, Ivanti, SonicWall, and others are among the affected.
“Someone is currently using roughly 2.8 million different IP addresses to try and guess the passwords for VPNs and similar devices,” The Shadowserver Foundation reported.
Brute-Force Tactics and Geographic Impact
The attackers are using a brute-force approach. This means they’re systematically trying countless username and password combinations until they find one that works. This cyber attack is effective because many devices have weak passwords—passwords lacking a mix of uppercase and lowercase letters, numbers, and special symbols.
The geographic distribution of the 2.8 million IPs involved in this cyber attack is telling. The majority (1.1 million) are located in Brazil. Other heavily impacted regions include Turkey, Russia, Argentina, Morocco, and Mexico.
Automation and the Botnet
This cyber attack relies heavily on automation. The attackers likely use a botnet—a network of compromised devices—or residential proxy services. Residential proxies mask the attackers’ true location, making it harder to trace them. These services use IP addresses assigned to legitimate home devices, so the attack appears to originate from ordinary users. That makes these services attractive to cybercriminals.
The Shadowserver Foundation noted a recent surge in the intensity of this cyber attack. The use of compromised MikroTik, Huawei, Cisco, Boa, and ZTE routers further highlights the sophisticated nature of this operation. These routers, likely infected with malware or vulnerable due to weak passwords, are being used as part of the botnet to amplify the attack. This cyber attack serves as a stark reminder of the importance of strong passwords and regular security updates for all internet-connected devices.
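Password guessing spread across a very large number of source addresses, as described above, can stay under a per-IP failure threshold if each address makes only a few attempts (an assumption here, not a detail from the report). The Python below is an added example, not code from Shadowserver or BleepingComputer: it counts distinct source IPs per targeted account in a time window, and its log format, field names, thresholds and log lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Hypothetical log format (an assumption, not any vendor's real syntax).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def build_sample_log():
    """Constructed data: 8 sources, 2 failed guesses each, plus one normal user."""
    lines = []
    for i in range(8):
        for j in range(2):
            lines.append(f"2025-02-08T10:0{i}:{10 * j:02d}Z vpn-gw auth "
                         f"result=fail user=admin src=198.51.100.{10 + i}")
    lines.append("2025-02-08T10:03:30Z vpn-gw auth result=fail user=alice src=203.0.113.7")
    lines.append("2025-02-08T10:03:45Z vpn-gw auth result=ok user=alice src=203.0.113.7")
    return lines

def parse_failures(lines):
    """Yield (timestamp, user, source_ip) for each failed login line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["result"] == "fail":
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            yield ts, m["user"], m["src"]

def per_ip_offenders(failures, threshold=5):
    """Classic per-source rule: IPs with at least `threshold` failures."""
    counts = Counter(src for _, _, src in failures)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def distributed_windows(failures, window_s=600, min_sources=5):
    """Flag (window_start, user) buckets whose failures come from many distinct IPs."""
    buckets = defaultdict(set)
    for ts, user, src in failures:
        start = int(ts.timestamp()) // window_s * window_s
        buckets[(start, user)].add(src)
    return {key: len(ips) for key, ips in buckets.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    failures = list(parse_failures(build_sample_log()))
    print("per-IP rule fired for:", per_ip_offenders(failures))
    print("distributed guessing windows:", distributed_windows(failures))
```

On the constructed log the per-IP rule flags nothing, while the per-account view shows eight distinct sources guessing at `admin` inside one ten-minute window.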