
"We believe with a high level of confidence that FDN3 is part of a wider abusive infrastructure composed of two other Ukrainian networks, VAIZ-AS (AS61432) and ERISHENNYA-ASN (AS210950), and a Seychelles-based autonomous system named TK-NET (AS210848). Those were all allocated in August 2021 and often exchange IPv4 prefixes with one another to evade blocklisting and continue hosting abusive activities."
"This network shares all its peering agreements with IP Volume Inc. - AS202425, a company based in Seychelles and created by Ecatel's owners, infamous for running an extensively abusive bulletproof hosting service in the Netherlands since 2005. The entirety of prefixes that were moved from AS61432 and AS210950 are now announced by bulletproof and abusive networks fronted by shell companies like Global Internet Solutions LLC (gir.network), Global Connectivity Solutions LLP, Verasel, IP Volume Inc., and Telkom Internet LTD."
Between June and July 2025, the Ukraine-based autonomous system FDN3 (AS211736) originated massive brute-force and password-spraying campaigns targeting SSL VPN and RDP devices. The activity is linked to a broader abusive infrastructure involving VAIZ-AS (AS61432), ERISHENNYA-ASN (AS210950), and the Seychelles-based TK-NET (AS210848). Those networks were allocated in August 2021 and frequently exchange IPv4 prefixes with one another to evade blocklisting and keep hosting abusive activity. Many prefixes moved to AS210848 and to bulletproof networks. The infrastructure relies on shell companies and bulletproof hosts such as IP Volume Inc., Global Internet Solutions LLC, and other front entities for spam, attacks, and malware command-and-control.
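An added example (not from the article or the report it quotes): tracking prefix origin changes between the ASNs named above, so that a block decision follows the current origin AS instead of a prefix list frozen at one point in time. The snapshot data is constructed, using RFC 5737 documentation prefixes and the reserved AS64500, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# ASNs the article names as one related cluster.
WATCHED_ASNS = {211736, 61432, 210950, 210848}

# Constructed sample data: (snapshot date, prefix, origin ASN).
# Prefixes are RFC 5737 documentation ranges, not real announcements.
SNAPSHOTS = [
    ("2025-05-01", "192.0.2.0/24", 61432),
    ("2025-05-01", "198.51.100.0/24", 210950),
    ("2025-05-01", "203.0.113.0/24", 64500),
    ("2025-06-01", "192.0.2.0/24", 211736),
    ("2025-06-01", "198.51.100.0/24", 210950),
    ("2025-06-01", "203.0.113.0/24", 64500),
    ("2025-07-01", "192.0.2.0/24", 210848),
    ("2025-07-01", "198.51.100.0/24", 210848),
    ("2025-07-01", "203.0.113.0/24", 64500),
]

def origin_history(snapshots):
    """Return {prefix: [(date, asn), ...]} with events in date order."""
    hist = defaultdict(list)
    for date, prefix, asn in sorted(snapshots):  # ISO dates sort chronologically
        hist[ipaddress.ip_network(prefix)].append((date, asn))
    return hist

def intra_cluster_moves(snapshots, watched=WATCHED_ASNS):
    """List (prefix, date, old_asn, new_asn) where the origin changed
    from one watched ASN to another watched ASN."""
    moves = []
    for prefix, events in origin_history(snapshots).items():
        for (_, old), (date, new) in zip(events, events[1:]):
            if old != new and old in watched and new in watched:
                moves.append((str(prefix), date, old, new))
    return sorted(moves, key=lambda m: (m[1], m[0]))

def is_blocked(ip, snapshots, watched=WATCHED_ASNS):
    """Block when the latest origin of the longest matching prefix is watched."""
    addr = ipaddress.ip_address(ip)
    matches = [(p, ev[-1][1]) for p, ev in origin_history(snapshots).items()
               if addr in p]
    if not matches:
        return False  # no route data for this address
    _, asn = max(matches, key=lambda m: m[0].prefixlen)
    return asn in watched
```

A prefix that appears in `intra_cluster_moves` is one where a blocklist pinned to a single AS's prefix set at an earlier date would have gone stale.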
#brute-force-attacks #password-spraying #autonomous-systems #bulletproof-hosting #ipv4-prefix-evasion
Read at The Hacker News