FDN3 brute-force and password-spraying campaign targeting SSL VPN and RDP devices
Campaign
Summary
The Ukraine-based network FDN3 (AS211736) is tied to a massive brute-force and password-spraying campaign against SSL VPN and RDP devices, creating a high-risk path to initial access for downstream intrusions. The activity reached a record high in July 2025 and used infrastructure that could support multi-day attempts.
Related Happenings
GreyNoise late-August Cisco exposed-services reconnaissance campaign
Campaign
First: 25.09.2025 19:49
Last: 25.09.2025 19:49
Sources 1
About this happening:
Two large-scale reconnaissance campaigns probed **Cisco ASA login portals** and **Cisco IOS Telnet/SSH services** exposed online in **late August**, signaling broad interest in Ci...
Late-August scanning surge against Cisco ASA and Cisco IOS Telnet/SSH
Target Trend
First: 09.09.2025 00:44
Last: 09.09.2025 00:44
Sources 1
About this happening:
**Late August 2025** saw a sharp rise in **reconnaissance against Cisco ASA** and related **Cisco IOS Telnet/SSH** exposure, increasing the risk that internet-facing remote-access...
Timeline
-
02.09.2025 13:38 2 articles · 8mo ago
FDN3 brute-force and password-spraying campaign targets SSL VPN and RDP devices
Initial Disclosure
Intrinsec tied the Ukraine-based autonomous system FDN3 (AS211736) to a brute-force and password-spraying campaign against SSL VPN and RDP devices during June-July 2025. The analysis said some IPv4 prefixes were moved to FDN3 in June 2025, and activity on 88.210.63[.]0/24 reached a record high between July 6 and 8, 2025, with attempts that could last up to three days.
Sources
- Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices — thehackernews.com — 02.09.2025 13:38