Posts tagged: K8S_ATTACK

15 posts
HIGH 85.217.140.43

External threat actor 85.217.140.43 conducted sustained reconnaissance against critical infrastructure systems over 36 days, targeting BACnet building automation systems, Kubernetes dashboards, and RDP services across 15 unique ports. This medium-risk activity represents typical pre-attack intellige…

HIGH 66.132.172.96

IP address 66.132.172.96 conducted extensive reconnaissance targeting industrial control systems and enterprise infrastructure between March 20-April 7, 2026, with 326 observed events focusing on Siemens S7, Modbus, Oracle, and Kubernetes protocols. This activity represents a HIGH threat level with …

LOW 20.168.121.187

Automated reconnaissance activity targeting Kubernetes API servers was observed from IP 20.168.121.187 on March 4, 2026 at 00:00 UTC. The attacker conducted version disclosure scans against port 6443 using zgrab scanner to gather intelligence for potential follow-up attacks. Network defenders should…

LOW 165.154.104.88

Threat actor at 165.154.104.88 (Vietnam/UCLOUD) conducted low-severity reconnaissance targeting Kubernetes dashboard resources over a 15-minute window on 2026-03-13 19:00-20:00 UTC. Assessment indicates automated scanning activity with medium-confidence targeting of container orchestration infrastr…

CRITICAL 185.247.137.207

Threat actor operating from 185.247.137.207 (Manchester, GB) conducted sustained multi-protocol reconnaissance against industrial control systems, Kubernetes environments, and SMB services over 36 days with 64 recorded events. Assessment indicates MEDIUM threat level with potential APT characterist…

CRITICAL 85.217.140.45

French IP address 85.217.140.45 conducted sustained reconnaissance against Kubernetes infrastructure over a 9-day period, specifically targeting etcd databases and cluster dashboards using ModatScanner tooling. This represents a MEDIUM threat level with potential Advanced Persistent Threat characte…

CRITICAL 49.37.64.43

External threat actor conducted systematic reconnaissance against Kubernetes infrastructure from IP 49.37.64.43 between March 13-14, 2026, targeting kubelet API endpoints to enumerate cluster configuration and running workloads. This activity represents a MEDIUM threat level with 85% confidence, in…

HIGH 85.217.140.9

French-hosted IP address 85.217.140.9 conducted a sustained 7-day campaign targeting Kubernetes dashboards and FortiGate infrastructure with 148 attack events between March 4-11, 2026. Assessment indicates HIGH threat level based on maximum AbuseIPDB score and active exploitation attempts against cr…

HIGH 167.94.138.120

IP address 167.94.138.120 conducted a focused 4-hour reconnaissance campaign on March 12, 2026, targeting Kubernetes infrastructure with 172 attack events combining automated scanning and API enumeration techniques. The activity demonstrates medium-severity threat characteristics with potential APT…

LOW 130.216.217.88

A host originating from The University of Auckland network (130.216.217.88) conducted targeted Kubernetes API enumeration and reconnaissance activities over a 4-hour period on March 13, 2026. The activity demonstrates medium-severity scanning behavior focused on container orchestration infrastructu…

CRITICAL 206.168.34.50

A US-based threat actor conducted targeted reconnaissance against Kubernetes infrastructure over a 4-hour window on March 10, 2026, generating 127 events between 11:00-11:00 UTC. The activity combined automated scanning behavior consistent with Censys research infrastructure alongside specific Kube…

CRITICAL 85.217.140.18

A threat actor operating from French hosting infrastructure (85.217.140.18) conducted focused attacks against Kubernetes dashboard interfaces over an 11-day period in March 2026, generating 78 security events. The activity demonstrates medium-severity targeting of container orchestration platforms w…
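The posts above keep returning to the same handful of probes: an unauthenticated GET to /version on the API server (port 6443), kubelet /pods and /runningpods enumeration (ports 10250/10255), etcd on 2379, and the dashboard either through the API-server proxy path or served directly. The following is an added example, not code from any of the linked posts, that runs those signatures over access-log lines and rolls them up per source IP the way the summaries do (event count, distinct ports, first/last seen, a severity tier). The log format, the sample lines (documentation-range IPs, made-up timestamps and user agents) and the severity thresholds are all assumptions for illustration; the tiers are not the scoring used by the posts.

```python
"""Classify Kubernetes reconnaissance from access-log lines.

Added example, not from the original page. Assumes a space-separated format:
timestamp, source IP, destination port, HTTP method, path, status, quoted UA.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real captures); IPs are documentation ranges.
SAMPLE_LOG = """\
2026-03-04T00:00:12Z 203.0.113.10 6443 GET /version 200 "Mozilla/5.0 zgrab/0.x"
2026-03-04T00:00:13Z 203.0.113.10 6443 GET /api 403 "Mozilla/5.0 zgrab/0.x"
2026-03-13T09:15:02Z 198.51.100.7 10250 GET /pods 401 "python-requests/2.31"
2026-03-13T09:15:04Z 198.51.100.7 10250 GET /runningpods/ 401 "python-requests/2.31"
2026-03-13T09:15:09Z 198.51.100.7 10255 GET /pods 404 "python-requests/2.31"
2026-03-10T11:02:41Z 192.0.2.5 2379 GET /version 200 "ModatScanner/1.0"
2026-03-10T11:02:50Z 192.0.2.5 443 GET /api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 403 "ModatScanner/1.0"
2026-03-10T11:03:01Z 192.0.2.5 8443 GET /dashboard/ 200 "ModatScanner/1.0"
2026-03-11T08:00:00Z 10.0.0.4 6443 GET /api/v1/namespaces/default/pods 200 "kubectl/v1.29.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Probe signatures matching the recon patterns described in the posts.
SIGNATURES = [
    ("api_version_disclosure", lambda p, port: port == 6443 and p == "/version"),
    ("api_discovery", lambda p, port: port == 6443 and p in ("/api", "/apis")),
    ("kubelet_enumeration", lambda p, port: port in (10250, 10255)
     and p.rstrip("/") in ("/pods", "/runningpods")),
    ("etcd_probe", lambda p, port: port in (2379, 2380)),
    ("dashboard_probe", lambda p, port: "kubernetes-dashboard" in p
     or p.startswith("/dashboard")),
]
# Assumed scanner fingerprints; extend from your own honeypot data.
SCANNER_UA = re.compile(r"zgrab|modat|masscan|nmap", re.IGNORECASE)


def classify_line(line):
    """Parse one log line and return its probe tags, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    port, path = int(m["port"]), m["path"]
    tags = [name for name, pred in SIGNATURES if pred(path, port)]
    if SCANNER_UA.search(m["ua"]):
        tags.append("scanner_ua")
    return {"ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "src": m["src"], "port": port, "path": path, "tags": tags}


def severity(rec):
    """Assumed tiering: data-store or kubelet probes outrank a bare /version GET."""
    probes = rec["tags"] - {"scanner_ua"}
    if "etcd_probe" in probes or "kubelet_enumeration" in probes:
        return "HIGH"
    if len(probes) >= 2 or len(rec["ports"]) >= 2:
        return "MEDIUM"
    return "LOW"


def summarize(log_text):
    """Roll tagged events up per source IP: counts, ports, tags, time span, tier."""
    per_src = defaultdict(lambda: {"events": 0, "ports": set(), "tags": set(),
                                   "first": None, "last": None})
    for line in log_text.splitlines():
        ev = classify_line(line)
        if not ev or not ev["tags"]:
            continue  # legitimate traffic (e.g. kubectl) is dropped here
        rec = per_src[ev["src"]]
        rec["events"] += 1
        rec["ports"].add(ev["port"])
        rec["tags"].update(ev["tags"])
        rec["first"] = ev["ts"] if rec["first"] is None else min(rec["first"], ev["ts"])
        rec["last"] = ev["ts"] if rec["last"] is None else max(rec["last"], ev["ts"])
    return {src: {**rec, "severity": severity(rec)} for src, rec in per_src.items()}


if __name__ == "__main__":
    for src, rec in summarize(SAMPLE_LOG).items():
        print(f"{rec['severity']:6} {src:15} events={rec['events']} "
              f"ports={sorted(rec['ports'])} tags={sorted(rec['tags'])} "
              f"span={rec['first'].isoformat()}..{rec['last'].isoformat()}")
```

Run against the sample, the kubectl line from 10.0.0.4 produces no tags and is dropped, the zgrab source lands at MEDIUM on two probe types, and both the kubelet enumerator and the etcd/dashboard scanner land at HIGH. On a real cluster, feed it API-server audit logs or ingress logs for the dashboard, and treat any non-401/403 response to a kubelet or etcd probe as the finding that needs immediate attention, since it means the endpoint answered.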

CRITICAL 167.94.146.57

IP address 167.94.146.57 conducted a sustained 16-day reconnaissance campaign from February 19-March 7, 2026, targeting Kubernetes APIs and conducting broad network scanning activities. The threat actor demonstrated knowledge of container orchestration environments and employed multiple protocols (…

CRITICAL 3.151.241.153

A US-based threat actor (3.151.241.153) conducted sustained reconnaissance activities from February 17 to March 8, 2026, targeting industrial control systems and Kubernetes environments using protocol confusion techniques. This HIGH-severity campaign demonstrates advanced operational technology (OT…