Trustwave cybersecurity researchers discovered a rise in “mass scanning, credential brute forcing, and exploitation attempts” coming from an IP addresses connected with a Russian bulletproof hosting service provider, Proton66. This activity was detected on January 8, 2025, and has been targeting organizations globally.
The broad range and intensity of cyberattacks facilitated by Proton66 demonstrates why organizations need layered cybersecurity defenses. The activities stemming from Proton66 include vulnerability scanning, credential brute forcing, exploit attempts and phishing campaigns that mimic reputable WordPress sites, Google Play Store app listings and chat rooms.
