Bill Toulas@BleepingComputer
//
The Black Basta ransomware operation has developed an automated brute-forcing framework called 'BRUTED' to compromise edge networking devices such as firewalls and VPNs. The framework automates gaining unauthorized access to corporate networks, which is the initial foothold from which the group deploys ransomware and steals data. Security researchers warn that the tool lets attackers breach enterprise VPNs and firewalls far more efficiently, a notable escalation in ransomware tactics.
EclecticIQ analysts, after analyzing the source code, confirmed that the tool's primary capability is automated internet scanning and credential stuffing against edge network devices, targeting firewall and VPN products widely used in corporate networks. Because it exploits weak or reused credentials, a single valid login is enough to give the operators an initial foothold for lateral movement and ransomware deployment.
References :
- KubikPixel: Ransomware gang creates tool to automate VPN brute-force attacks. The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs.
- The DefendOps Diaries: Explore the BRUTED framework, a new tool by Black Basta, automating brute-force attacks on VPNs, posing a global threat to organizations.
- Davey Winder: Hackers now have the tools to automate brute-force attacks on your VPNs and firewalls during ransomware campaigns.
- Talkback Resources: Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices [net] [mal]
- BleepingComputer: Ransomware gang creates tool to automate VPN brute-force attacks
- bsky.app: The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. https://www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/
- bsky.app: The BlackBasta ransomware gang developed and used its own custom tool to brute-force enterprise firewalls and VPN remote-access products.
- www.techradar.com: Infamous ransomware hackers reveal new tool to brute-force VPNs
- www.cybersecuritydive.com: Black Basta uses brute-forcing tool to attack edge devices
- www.scworld.com: Automated brute forcing tool leveraged in Black Basta ransomware intrusions
- www.cysecurity.news: Ransomware gang creates tool to automate VPN brute-force attacks The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs.
Classification:
- HashTags: #Ransomware #BlackBasta #BruteForce
- Target: VPNs, firewalls
- Attacker: Black Basta
- Product: Edge Networking Devices
- Feature: Automated Brute Forcing
- Malware: BRUTED
- Type: Malware
- Severity: High
@cyberalerts.io
//
The Splunk Threat Research Team has revealed a widespread cyber campaign targeting Internet Service Provider (ISP) infrastructure on the West Coast of the United States and in China. Over 4,000 ISP-related IP addresses were explicitly targeted. The mass exploitation campaign deploys information stealers and cryptominers on compromised systems.
The attackers gain initial access by brute-forcing well-known weak credentials, then deploy cryptomining and information-stealing malware on the compromised hosts. The campaign is believed to originate from Eastern Europe, underscoring the global nature of the threat and the need for robust credential hygiene on critical infrastructure providers' systems.
References :
- Virus Bulletin: The Splunk Threat Research Team has identified a campaign targeting ISP infrastructure providers. This mass exploitation campaign led to cryptomining and infostealer payloads. The main vector & initial access is driven by using well known weak credentials.
- securityaffairs.com: Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
- thehackernews.com: Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
- Information Security Buzz: The Splunk Threat Research Team has uncovered a widespread cyber campaign targeting Internet Service Provider (ISP) infrastructure providers on the West Coast of the United States and in China. Over 4,000 ISP-related IPs were explicitly targeted in this campaign.
Classification:
- HashTags: #ISP #Cyberattack #CredentialBruteForce
- Company: Various US and China ISPs
- Target: ISPs
- Attacker: Unknown (believed to originate from Eastern Europe)
- Product: ISP Infrastructure
- Feature: Brute-force
- Malware: Info Stealers and Crypto Miners
- Type: Hack
- Severity: Major
@gbhackers.com
//
A massive brute-force password attack is currently targeting a wide range of networking devices, including VPNs and firewalls from Palo Alto Networks, Ivanti, and SonicWall. The ongoing attack uses almost 2.8 million source IP addresses in an attempt to guess the credentials for these devices. Once access is gained, threat actors can hijack the devices or gain access to the networks behind them.
A brute-force attack involves repeatedly attempting to log into an account or device using numerous username and password combinations until the correct one is discovered. With the attempts spread across millions of source addresses, per-IP rate limiting and blocklists alone are of limited use; the practical defenses are strong, unique passwords, multi-factor authentication on every remote-access interface, and monitoring of failed logins per target account rather than per source. The attack was first reported by BleepingComputer on February 8, 2025.
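The three incidents summarized on this page (the BRUTED credential-stuffing framework, the weak-credential campaign against ISPs, and the 2.8-million-IP attack on VPN gateways) all come down to failed logins that are visible in a gateway's authentication log. The following detector is an added example, not code from any of the reports or vendors mentioned; the log format, field names and thresholds are assumptions, and the sample log lines are constructed. It flags the classic single-source pattern (one IP, many failures) and the distributed pattern a per-IP threshold misses (one account, many source IPs), and raises a higher-priority alert when a login succeeds on an account or from a source that was already flagged.

```python
"""Flag brute-force and distributed credential attacks in auth logs.

Added example, not taken from the reports on this page. The log layout
below (timestamp result user=... src=...) and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a VPN gateway auth log (hypothetical format).
SAMPLE_LOG = """\
2025-02-08T10:00:01Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:00:02Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:00:03Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:00:04Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:00:05Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:00:06Z auth-fail user=admin src=203.0.113.7
2025-02-08T10:01:00Z auth-fail user=vpnuser src=198.51.100.1
2025-02-08T10:01:05Z auth-fail user=vpnuser src=198.51.100.2
2025-02-08T10:01:10Z auth-fail user=vpnuser src=198.51.100.3
2025-02-08T10:01:15Z auth-fail user=vpnuser src=198.51.100.4
2025-02-08T10:01:20Z auth-fail user=vpnuser src=198.51.100.5
2025-02-08T10:01:25Z auth-fail user=vpnuser src=198.51.100.6
2025-02-08T10:01:30Z auth-ok user=vpnuser src=198.51.100.6
2025-02-08T10:05:00Z auth-fail user=alice src=192.0.2.10
2025-02-08T10:05:30Z auth-ok user=alice src=192.0.2.10
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": result == "auth-ok",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect(log_text, window=timedelta(minutes=5),
           per_ip_threshold=5, per_user_ip_threshold=5):
    """Return a list of (alert_type, user, detail) tuples in log order."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    fails_by_ip = defaultdict(list)    # src -> failure timestamps in window
    fails_by_user = defaultdict(dict)  # user -> {src: last failure timestamp}
    flagged_ips, flagged_users = set(), set()

    for e in events:
        t, user, src = e["ts"], e["user"], e["src"]
        if e["ok"]:
            # A success on an account or from a source already under attack
            # is the signal that matters most: the guess probably landed.
            if user in flagged_users or src in flagged_ips:
                alerts.append(("success-after-attack", user, src))
            continue

        # Single-source pattern: many failures from one IP in the window.
        fails_by_ip[src] = [x for x in fails_by_ip[src] + [t] if t - x <= window]
        if len(fails_by_ip[src]) >= per_ip_threshold and src not in flagged_ips:
            flagged_ips.add(src)
            alerts.append(("single-source-bruteforce", user, src))

        # Distributed pattern: one account hit from many IPs in the window.
        # A per-IP threshold never fires here because each IP tries only once.
        fails_by_user[user][src] = t
        recent = {ip for ip, last in fails_by_user[user].items() if t - last <= window}
        if len(recent) >= per_user_ip_threshold and user not in flagged_users:
            flagged_users.add(user)
            alerts.append(("distributed-bruteforce", user, f"{len(recent)} sources"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, the admin account trips the single-source rule, the vpnuser account trips the distributed rule even though no source IP appears more than once, and the later successful login for vpnuser is escalated because that account was already flagged; alice's single typo followed by a success produces nothing. In production the thresholds need tuning against the gateway's normal failure rate, and the distinct-source count per account should be fed by the whole fleet of gateways, since a spray of this size is rarely confined to one device.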
References :
- BleepingComputer: A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.
- www.bleepingcomputer.com: Massive brute force attack uses 2.8 million IPs to target VPN devices
- Anonymous: A large-scale brute force password attack using almost 2.8 million IP addresses is underway.
- BleepingComputer: Massive brute force attack uses 2.8 million IPs to target VPN devices
- Troy Hunt: Infosec.exchange post about the large-scale brute-force attack targeting networking devices.
- bsky.app: BleepingComputer post on the brute-force attack targeting Palo Alto, Ivanti and Sonicwall devices.
- bsky.app: BleepingComputer mentions the attack in a news summary.
- www.scworld.com: Millions of IP addresses leveraged in ongoing brute force intrusion
- gbhackers.com: Massive brute force attacks targeting VPNs and firewalls have surged in recent weeks, with cybercriminals using as many as 2.8 million unique IP addresses daily to conduct relentless login attempts.
- securityboulevard.com: Security Boulevard report on Major brute force attack
Classification:
- HashTags: #BruteForce #VPN #Firewall
- Company: ShadowServer
- Target: Networking Devices
- Product: Palo Alto Networks, Ivanti, SonicWall
- Feature: Brute Force
- Type: Hack
- Severity: Medium