Attack flood 2022/12/18-2022/12/23

This commit is contained in:
DarkFeather 2022-12-23 12:23:18 -06:00
parent 5a455358c4
commit dcec43d674
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
1 changed files with 11 additions and 0 deletions

View File

@ -11,6 +11,17 @@
<id>https://aninix.net/</id>
<entry>
<title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>
<updated>2022-12-23T18:19:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>
<summary>
<p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
<p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>
</summary>
</entry>
<entry>
<title>78.128.113.166/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>