
Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a widespread campaign to market counterfeit sports apparel websites. We describe the threat actor’s tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the campaign and prove that they are connected to each other and are likely part of a criminal organization. We have code-named this organization JerseyShore.

The number of brute force attacks that we see each month targeting WordPress is incredibly high. Last month Wordfence blocked an average of 25 million brute force attacks per day, as you can see in our January WordPress Attack Activity Report. Late this month (February) we noticed a new surge in attacks.

One IP address that we noticed is 91.200.12.103. Wordfence blocked 1.7 million attacks from this IP targeting over 22,000 websites from February 21st until February 28th. We decided to take a closer look at what kind of activity this IP is engaging in, and we ended up uncovering a vast network of attack sites, their tactics, techniques and procedures (TTPs), and who is behind them.

The IP address 91.200.12.103 is owned by an organization called “PP SKS-LUGAN” (PSL), which we have written about previously. In December of last year, we noted that most of the brute force attacks we were seeing during a December spike were originating from PSL. The following shows the top IP addresses at PSL for a single day in December and how many attacks they generated in just 24 hours.

Multiple complaints to PSL have resulted in no change in this behavior, and PSL IP addresses are continuing to engage in a large number of brute force attacks.
