According to the “Phone arena” website, these attacks, which often originate from Germany, focus on the VPN infrastructure in the United States, Mexico, and Pakistan. More than 10,000 unique IP addresses are being used, and the attacks target corporate VPN networks. “GreyNoise” has recorded more than 1.7 million connection attempts in 16 hours to access these networks.
Through this attack, the attackers aim to compromise as many employee accounts as possible, which enables them to impersonate identities and possibly engage in espionage or institutional sabotage activities. This attack also exposes intellectual property to theft. If these attacks are part of a broader campaign or target companies linked to governments, they could pose a serious threat to national security.
These attacks rely on a “password spraying” strategy instead of the more common “brute-force attack” method. In a brute-force attack, attackers focus on a limited number of systems and spend a long time trying hundreds of thousands, or even millions, of different password combinations. In “password spraying,” attackers target a large number of devices and try only common passwords before moving on to the next target.
This method can be very effective, as many people use simple passwords on personal and work computers. In fact, sensitive systems belonging to the US government have been compromised in the past due to password spraying attacks.
Although this attack targets corporate VPN systems and not personal systems, it is always best to exercise caution. For example, avoiding the use of common passwords on your systems is a good preventative measure in general, even if this particular attack has not been reported, there are certainly many similar attacks targeting personal computers at this time.
Also, using a virtual private network (VPN) to browse the Internet improves your protection, as all your data becomes unreadable to anyone trying to spy on it, but you must be careful about passwords. (اليوم السابع)
