IP address 85.11.183.27 conducted a sustained reconnaissance campaign from March 2026 through April 2026, targeting network infrastructure management interfaces including Palo Alto Networks PAN-OS, FortiGate, and MQTT services across 56 events. This activity represents initial attack chain reconnais…
Posts tagged: MQTT_ATTACK
12 posts
IP address 85.11.183.19 conducted sustained reconnaissance activities over 50 days (February 28 - April 19, 2026) with 151 events targeting multiple protocols including HTTPS, TLS, and SMTP across 7 unique ports. Despite low individual event severity, the persistent nature and focus on FortiGate inf…
IP address 71.6.199.23 conducted a sustained 7-week reconnaissance campaign targeting industrial control systems, focusing on Modbus protocol enumeration and MQTT services with 69 recorded events between February 17 and April 6, 2026. The sophisticated targeting of operational technology protocols i…
Russian-origin IP address 81.29.142.6 conducted sustained multi-protocol reconnaissance targeting industrial control systems and enterprise services over a 40-day period from February 12 to March 24, 2026. Despite 468 recorded events across 11 protocols including EtherNet/IP, Modbus, and MQTT, the a…
IP address 87.236.176.48 (Leeds, UK) conducted multi-protocol reconnaissance targeting MQTT services and general network infrastructure over 18 days, generating 21 security events. Assessment indicates low-to-medium risk research scanning activity with MQTT-specific targeting that warrants monitorin…
High-severity MQTT protocol attack detected from US-based IP 64.23.214.27 targeting industrial messaging infrastructure with suspicious hex-encoded payloads and persistent delivery flags. The attack demonstrates advanced knowledge of MQTT protocol exploitation techniques, potentially indicating pro…
IP address 167.94.138.203 conducted reconnaissance against MQTT infrastructure using deprecated TLS 1.0 protocol and attempted unauthorized subscription operations between March 12-17, 2026. This activity represents a MEDIUM threat level indicating potential preparation for IoT/MQTT infrastructure …
A US-based threat actor (152.32.148.140) conducted targeted attacks against industrial control systems and IoT infrastructure on March 10, 2026, employing Modbus protocol exploitation and MQTT reconnaissance techniques. The attacker demonstrates sophisticated knowledge of operational technology envi…
IP address 66.132.153.115 conducted a 12-day reconnaissance campaign targeting MQTT and SMB services with 83 recorded events between March 1-13, 2026. The threat actor demonstrates medium-level capability with focused protocol exploitation attempts and maintains a maximum AbuseIPDB reputation score…
Vietnamese-origin IP address 152.32.249.95 conducted focused MQTT protocol reconnaissance against IoT infrastructure on March 14, 2026, employing subscription-based enumeration techniques over a 32-minute window. Assessment indicates MEDIUM threat level with potential for IoT device compromise and …
IP address 66.132.153.125 conducted targeted reconnaissance against industrial control systems and IoT infrastructure between March 11-14, 2026, utilizing S7comm and MQTT protocols. The activity represents a MEDIUM threat level with focused targeting of critical infrastructure protocols. Organizati…
Romanian-based threat actor 193.46.255.147 conducted a sophisticated multi-protocol reconnaissance campaign targeting industrial control systems, network infrastructure, and IoT devices over a 14-hour period from March 9-10, 2026. The campaign demonstrates advanced capabilities across Modbus, S7com…