Summary (Bottom Line Up Front)
High-confidence SMB reconnaissance activity detected from IP 14.194.49.6 (India/Tata Teleservices) targeting network infrastructure with 6,624 events over approximately 1 hour on March 10, 2026. This automated scanning campaign likely seeks to identify vulnerable Windows systems for potential exploitation or lateral movement. Immediate SMB hardening and monitoring recommended.
Activity Timeline
INITIAL REPORT 2026-03-19T09:01:16Z
Source: Analyst Manual Entry
Technical details
Attack Vector: Automated SMB reconnaissance scanning
Source: 14.194.49.6 (Ahmedabad, India / AS45820 Tata Teleservices Limited)
Timeline: March 10, 2026, 03:00-05:00 UTC (1 hour 14 minutes)
Volume: 6,624 events targeting single destination port
Protocols: SMB, TCP SYN scanning
MITRE Technique: T1046 (Network Service Scanning)
Kill Chain Phase: Reconnaissance
Primary Pattern: SMB version 1 detection attempts (2,347 hits)
Threat Level: HIGH (85% confidence)
IOCs: 14.194.49.6, suspicious source port 7666, SMB enumeration signatures
IOCs
IP:14.194.49.6
ASN:45820
COUNTRY:IN
Recommendations
- Block IP 14.194.49.6 at perimeter firewalls and monitor for additional IPs from AS45820 network range
- Disable SMBv1 protocol across all Windows systems and enable SMBv3 encryption where SMB is required
- Implement enhanced logging and alerting for SMB connection attempts from external IP addresses
- Conduct immediate audit of SMB-enabled systems for proper access controls and patch status
- Deploy network segmentation to limit SMB traffic to authorized internal communications only
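
One way to carry out the SMBv1 and SMBv3-encryption recommendations above on a single Windows host, as an added example that is not part of the original report. It reports the current SMB server settings and changes them only when run with the `-Remediate` switch, a name chosen for this example; it assumes an elevated PowerShell session on a Windows version whose SMB cmdlets expose these settings.

```powershell
# Added example: audit, and optionally harden, the SMB server settings on this host.
# Without -Remediate (a switch defined only for this example) nothing is changed.
param([switch]$Remediate)

$cfg     = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$featureState = if ($feature) { "$($feature.State)" } else { 'NotPresent' }

# Current state, one object per host so results can be collected fleet-wide.
$report = [pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $cfg.EnableSMB1Protocol
    Smb1FeatureState  = $featureState
    Smb1AccessAudited = $cfg.AuditSmb1Access
    EncryptData       = $cfg.EncryptData
    RejectUnencrypted = $cfg.RejectUnencryptedAccess
}
$report | Format-List

# Dialects of outbound SMB sessions from this host; a 1.x entry means it still
# talks SMBv1 to some server that should be reviewed before SMBv1 is removed.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect | Format-Table

if ($Remediate) {
    # Record SMBv1 access attempts (event 3000 in the
    # Microsoft-Windows-SMBServer/Audit log) so remaining SMBv1 clients are visible.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force

    # Stop the server from negotiating SMBv1.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the SMBv1 component where it is still installed (takes effect after reboot).
    if ($featureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Require SMB3 encryption for all shares; clients that cannot encrypt are refused.
    Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true -Force

    # Show the resulting settings.
    Get-SmbServerConfiguration |
        Select-Object EnableSMB1Protocol, AuditSmb1Access, EncryptData, RejectUnencryptedAccess
}
```

Running it first without the switch shows which hosts would be affected; requiring encryption cuts off clients that only speak SMB 2.x or older, so check the connection list before remediating.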