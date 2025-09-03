Threat Intelligence, Network Security

Intensified brute-force attacks launched by Ukrainian hackers

Numerous SSL VPN and RDP devices have been subjected to widespread brute-force and password spraying attacks from the Ukraine-based autonomous system FDN3 (AS211736) from June to July, according to The Hacker News. FDN3 is associated with Ukrainian networks VAIZ-AS (AS61432) and ERISHENNYA-ASN (AS210950), which have their prefixes announced on the AS210848 autonomous network with the same peering agreements with Seychelles-based IP Volume Inc. (AS202425), a report from Intrinsec revealed. Researchers also discovered FDN3 to be linked to Russian firm Alex Host LLC, which was previously associated with TNSECURITY and other bulletproof hosting companies that underpinned the Doppelganger influence operation network. "All those strong similarities, including their configuration, the content they host, and their creation date, led us to assess with a high level of confidence the previously mentioned autonomous systems to be operated by a common bulletproof hosting administrator," said Intrinsec researchers. Such findings follow a Censys report detailing a PolarEdge botnet-related connect-back proxy management system.

