IP address 85.217.140.37 conducted a sustained multi-protocol reconnaissance campaign from March 7 to April 20, 2026, targeting 16 unique ports across FTP, MQTT, Oracle, RDP, SMTP, and SSH services with 97 total events. This activity represents low-risk service discovery and enumeration rather than …
Posts tagged: IOT_ATTACK
7 posts

IP address 65.49.1.152 conducted sustained reconnaissance activities from March 15 to April 17, 2026, targeting multiple protocols including FortiGate infrastructure, Oracle databases, IoT devices, and Kubernetes clusters across 59 observed events. Assessment indicates LOW threat level with medium c…
IP address 85.217.140.39 conducted sustained reconnaissance activities from March 16 to April 16, 2026, targeting multiple protocols including FTP, HTTP, MQTT, and TLS services across 11 unique ports. Assessment indicates MEDIUM threat level with 85% confidence, representing initial attack phase act…
IP address 45.91.64.7 conducted sustained multi-protocol reconnaissance against network infrastructure from February 21 to April 11, 2026, generating 89 security events across 14 unique ports. The campaign primarily focused on SMTP probing with secondary targeting of RDP and SSH services, assessed a…
IP address 91.92.240.214 conducted 185 automated attacks over 15 days targeting SMTP services with relay attempts and IoT command injection, assessed as low-sophistication botnet activity with MEDIUM threat level. Organizations should implement SMTP relay restrictions and monitor for similar reconna…
Threat actor operating from 185.93.89.64 (Netherlands/AS213790) conducted sustained SMTP reconnaissance against mail infrastructure over 28 days, generating 7,725 events targeting port 25. Activity assessed as LOW threat level reconnaissance likely aimed at identifying vulnerable mail servers for fu…
Threat actor operating from Netherlands-based hosting infrastructure (45.144.212.98) conducted sustained reconnaissance and exploitation attempts targeting IoT devices and SMTP services over a 7-day period ending April 6, 2026. The campaign generated 5,265+ malicious events with a focus on MQTT command inje…