Huge cyber attack under way - 2.8 million IPs being used to target VPN devices

Some network engineers are about to have some long nights.

Is it because my password is GulfofMexico123?

“This is a typical brute-force attack, in which threat actors try to log into a device by submitting an enormous amount of username/password combinations, until one succeeds.”

In this world, certificate-based authentication is almost a must. Using just a username/password isn’t smart.

“From those 2.8 million, the majority (1.1 million) are located in Brazil, with the rest split between Turkey, Russia, Argentina, Morocco, and Mexico”

IT’S HAPPENING RIGHT NOW… two days ago.

Is this why my VPN connection has been shit all day?

This has been going on for probably a year. If you are in the space, you’ve probably already recognized this. Some VPN providers already have proactive solutions that try to detect these IPs and automatically block them proactively across all tenants/cloud projects.

This started before Christmas. Noticed AD accounts getting locked out with VPN login attempts.

My infosec team are the most annoying people in the company, but I also appreciate all of them immensely and always say thank you through my gritted teeth.

It's credentials stuffing - been happening for a few years with different intervals. Nothing new, just set your login rate limiting properly.

This article is two days old

"The call is coming from inside the house "

I work as a network tech, we had attacks start at 02 in the morning going on all day until I got off work. Not really an issue, our systems are built to handle it. But the alarms are annoying.

RIP PlayStation Network again? Please no.

I have been noticing these persistent attacks against our VPN gateway for around a year now already.

What they want? Stop porn hub?

Yes, but WHY are they attacking?

Prime time to get those DOGE creds

I am a Brazilian who uses a Huawei router with the default password (my ISP doesn’t allow changing it without breaking the internet connection). Is there a way to know if my device is part of this attack or compromised? Changing my ISP is out of scope, btw.