165.154.227.162

Summary (Bottom Line Up Front)

A Taiwan-based IP address (165.154.227.162) conducted an intensive credential capture campaign over 4 hours on April 3-4, 2026, generating 28,317 attack events targeting Telnet services. This represents typical opportunistic scanning activity with medium threat severity. Network defenders should verify Telnet service exposure and implement appropriate access controls.

Tags: TCP, TCP/SYN, Telnet
Activity Timeline
INITIAL REPORT 2026-04-04T14:34:46Z
Source: Analyst Manual Entry
Technical details
  • Source: 165.154.227.162 (AS142002 Scloud Pte Ltd, Taiwan) with maximum AbuseIPDB reputation score (100/100)
  • Attack Vector: Telnet-based credential capture attempts using TCP and TCP/SYN protocols
  • Volume: 28,317 events over 4-hour window (April 3, 2026 21:00 - April 4, 2026 01:00 UTC)
  • Techniques: Authentication retry patterns (4,080 hits) and standard authentication attempts (2,040 hits)
  • Infrastructure: Attacker system exposing HTTP (80), HTTPS (443), and development services (3000)
  • Assessment: Low-sophistication automated scanning classified as background noise
IOCs
IP:165.154.227.162
ASN:142002
COUNTRY:TW
Recommendations
  • Disable or restrict Telnet services where possible, replacing with SSH for secure remote access
  • Implement rate limiting and account lockout policies for authentication attempts on legacy services
  • Monitor for authentication failures from 165.154.227.162 and consider blocking at network perimeter
  • Audit exposed services on TCP ports to minimize attack surface for credential-based attacks
  • Deploy network segmentation to isolate systems requiring Telnet access from internet-facing networks