IP address 71.6.199.23 conducted a sustained 7-week reconnaissance campaign targeting industrial control systems, focusing on Modbus protocol enumeration and MQTT services with 69 recorded events between February 17 and April 6, 2026. The sophisticated targeting of operational technology protocols i…
Lithuanian-based IP 141.98.9.114 conducted low-volume SMTP reconnaissance against mail infrastructure on March 18, 2026, between 02:00-08:00 hours, attempting to enumerate mail server capabilities and recipients. This activity represents typical network reconnaissance behavior with LOW assessed thre…
Threat actor operating from IP 141.98.9.68 (Lithuania, AS209588) conducted SMTP user enumeration attacks against organizational email infrastructure over a 16-hour period from March 15-16, 2026. Assessment indicates LOW severity reconnaissance activity consistent with email harvesting for potential …
IP address 158.94.209.116 (Middlesex University/NL) conducted sustained SMTP enumeration attacks over 18 hours targeting email infrastructure with 59 recorded events. Assessed threat level: MEDIUM due to reconnaissance nature and academic network origin suggesting potential research activity or com…