In a significant escalation of cyber threats, a massive brute force attack has been identified, utilising approximately 2.8 million unique IP addresses daily to target Virtual Private Network (VPN) devices, firewalls, and gateways from prominent vendors such as Palo Alto Networks, Ivanti, and SonicWall. This extensive campaign, active since January 2025, has been meticulously documented by the Shadowserver Foundation, a non-profit security organisation.
Brute force attacks involve cybercriminals systematically attempting numerous username and password combinations to gain unauthorised access to systems. The sheer scale of this operation, with millions of IP addresses involved, signifies a highly coordinated effort, potentially orchestrated by a vast botnet—a network of compromised devices under the control of malicious actors.
Chloe Messdaghi, founder of SustainCyber, emphasised the gravity of the situation: “A brute-force attack with 2.8 million IPs is next-level. If attackers crack VPN credentials, they get direct access to corporate networks—it’s not something to take lightly.”
The geographical distribution of the attacking IP addresses is notably concentrated, with over 1.1 million originating from Brazil. Significant numbers have also been traced back to the United States and Canada, highlighting the global reach and impact of this malicious campaign.
The implications of such a widespread attack are profound. Successful breaches can grant attackers unfettered access to sensitive corporate networks, leading to data theft, ransomware deployments, and other malicious activities. The utilisation of a vast array of IP addresses complicates traditional defence mechanisms, as blocking individual IPs becomes an impractical solution.
In response to this escalating threat, cybersecurity experts recommend several proactive measures:
- Implement Multi-Factor Authentication (MFA): Adding an extra layer of security can thwart unauthorised access, even if passwords are compromised.
- Regularly Update and Patch Systems: Ensuring that all devices, especially VPNs and firewalls, are up-to-date with the latest security patches can mitigate known vulnerabilities.
- Monitor Network Traffic: Vigilant monitoring can help detect unusual activities indicative of a brute force attack, enabling swift response.
- Employ Rate Limiting: Restricting the number of login attempts can deter automated brute force attempts.
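Because the attack spreads its attempts across millions of source addresses, per-IP blocking and per-IP rate limits rarely trigger; a detection that groups failures by the targeted account instead can surface the pattern. The script below is an added example, not code from the article or from any vendor named in it; the log format, field names and sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample VPN authentication log (not from any real device).
# Assumed format: "<timestamp> <auth-fail|auth-ok> user=<name> src=<ip>"
SAMPLE_LOG = """\
2025-01-20T10:00:01Z auth-fail user=jdoe src=203.0.113.10
2025-01-20T10:00:02Z auth-fail user=jdoe src=203.0.113.11
2025-01-20T10:00:03Z auth-fail user=jdoe src=198.51.100.7
2025-01-20T10:00:04Z auth-fail user=admin src=198.51.100.8
2025-01-20T10:00:05Z auth-fail user=jdoe src=192.0.2.44
2025-01-20T10:00:06Z auth-fail user=jdoe src=192.0.2.45
2025-01-20T10:00:07Z auth-fail user=asmith src=192.0.2.45
2025-01-20T10:00:08Z auth-ok   user=asmith src=10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>auth-fail|auth-ok)\s+user=(?P<user>\S+) src=(?P<ip>\S+)$"
)

def parse(log_text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def per_ip_failures(events):
    """Failed logins per source IP: what a per-IP lockout rule would see."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "auth-fail":
            counts[e["ip"]] += 1
    return dict(counts)

def distributed_targets(events, min_sources=3, max_per_ip=2):
    """Accounts hit from at least min_sources distinct IPs where no single
    IP exceeds max_per_ip failures, i.e. the low-and-slow, many-source
    pattern that per-IP thresholds never reach."""
    sources = defaultdict(set)
    for e in events:
        if e["result"] == "auth-fail":
            sources[e["user"]].add(e["ip"])
    ip_counts = per_ip_failures(events)
    return {
        user: len(ips)
        for user, ips in sources.items()
        if len(ips) >= min_sources
        and max(ip_counts[ip] for ip in ips) <= max_per_ip
    }
```

With the sample above, no source IP reaches even three failures, yet `jdoe` is flagged as targeted from five distinct addresses.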
Organisations are urged to remain vigilant and proactive in fortifying their cybersecurity defences. The evolving tactics of cyber adversaries necessitate a dynamic and robust security posture to safeguard sensitive information and maintain operational integrity.