IP address 65.49.1.192 conducted sustained reconnaissance activities over 53 days (March-April 2026) targeting FortiGate appliances and industrial control systems using IEC-104 protocol probes. This represents a MEDIUM threat level with potential critical infrastructure targeting. Organizations shou…
IP address 65.49.1.108 conducted a 41-day reconnaissance campaign from March 8-April 18, 2026, targeting industrial control systems and network infrastructure across 14 unique ports using multiple protocols including S7comm, RDP, and Fortinet device probes. Despite the broad attack surface and ICS t…
External IP address 65.49.1.132 conducted sustained reconnaissance activities from February 21 to April 18, 2026, targeting enterprise infrastructure including FortiGate appliances, industrial control systems, and network services across 13 unique ports. Assessment indicates LOW threat severity with…
IP address 65.49.1.152 conducted sustained reconnaissance activities from March 15 to April 17, 2026, targeting multiple protocols including FortiGate infrastructure, Oracle databases, IoT devices, and Kubernetes clusters across 59 observed events. Assessment indicates LOW threat level with medium c…
Threat actor at 65.49.20.69 conducted sustained multi-protocol reconnaissance targeting FortiGate appliances, industrial control systems, and IoT devices over 54 days from February 21 to April 15, 2026. Activity demonstrates medium-severity threat with focus on critical infrastructure enumeration ac…
IP address 64.62.197.122 conducted sustained reconnaissance against network infrastructure and industrial control systems over a 52-day period from February 19 to April 11, 2026, generating 58 security events. The activity primarily targeted FortiGate and Palo Alto security appliances alongside Modb…