Huge cyber attack under way - 2.8 million IPs being used to target VPN devices

Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
(Image credit: Shutterstock)

  • Millions of devices, likely infected with malware, are being used in a hacking campaign
  • Researchers spotted brute-force attacks against VPN and other internet-connected devices
  • The majority of the IP addresses are located in Brazil

A wide range of Virtual Private Network (VPN) and other networking devices are currently under attack by threat actors trying to break in to wider networks, experts have warned.

Threat monitoring platform The Shadowserver Foundation warned about the ongoing attack on X, noting someone is currently using roughly 2.8 million different IP addresses to try and guess the passwords for VPNs and similar devices built by Palo Alto Networks, Ivanti, SonicWall, and others.

Besides VPNs, the threat actors are going for gateways, security appliances, and other edge devices connected to the public internet.

Brute force

To conduct the attack, the threat actors are using MikroTik, Huawei, Cisco, Boa, and ZTE routers and other internet-connected devices, likely compromised with malware, or broken into themselves, thanks to weak passwords.

Speaking to BleepingComputer, The Shadowserver Foundation said that the attack recently increased in intensity.

From those 2.8 million, the majority (1.1 million) are located in Brazil, with the rest split between Turkey, Russia, Argentina, Morocco, and Mexico.

This is a typical brute-force attack, in which threat actors try to log into a device by submitting an enormous amount of username/password combinations, until one succeeds. Brute-force attacks are usually successful against devices protected with poor passwords (those that don’t have a strong combination of uppercase and lowercase letters, numbers, and special symbols). The whole process is automated, making it possible on a grander scale.

The automation part is made possible through malware. Usually, the devices used in the attack are part of a botnet, or a residential proxy service. Residential proxies are IP addresses assigned to real devices by internet service providers (ISPs). They make it appear as though the user is browsing from a legitimate residential location rather than a data center, which makes them a major target for cybercriminals.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
A display showing off the Google TV homepage, with icons for 1917, Scoob!, YouTube and Twitch (among others)
This dangerous malware botnet now covers 1.6 million Android TVs - find out if you're at risk
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks
Latest in Security
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Data leak
Top California sperm bank suffers embarrassing leak
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
ID theft
Hackers claim Orange attack, threaten to leak 1TB of data
Latest in News
Snapdragon G Series
Qualcomm poised to muscle in on AMD's territory with powerful gaming handheld processors
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
Google Pixel 9a
Google just launched the Pixel 9a – and I reckon it embarrasses the iPhone 16e
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing