Mass Scanning and Exploit Campaigns

SUMMARY :

Trustwave SpiderLabs has identified ongoing malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns. The investigation revealed connections between Proton66 and bulletproof hosting services advertised on underground forums. Mass scanning and exploit campaigns targeting multiple sectors were observed, with technology and financial organizations being the most common targets. A specific IP address linked to SuperBlack ransomware operators was found distributing critical exploits. The analysis also uncovered a potential rebranding of underground hosting services and shifts in IP addresses between different ASNs, suggesting relationships between providers.

OPENCTI LABELS :

ransomware,vulnerability exploitation,cve-2025-24472,cve-2024-55591,superblack,bulletproof hosting,exploit campaigns,cve-2024-41713,critical vulnerabilities,mass scanning,cve-2025-0108,cve-2024-10914,underground forums


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Mass Scanning and Exploit Campaigns