New Cyber Defense Brand DeepSeas to Unite Newly Acquired Commercial Managed Threat Services Business from Booz Allen Hamilton with Security On-Demand. Learn More

June 4, 2021

Active VPN Reconnaissance Campaign from Russia Based IP

Peter Bybee

Event Summary

Security On-Demand has discovered a Russian based IP performing an active VPN scanning and password spraying campaign. This IP was observed performing this activity as of May 30, 2021. We are taking this opportunity to alert our client base and recommend any preemptive actions to deter or negate any negative outcomes.

Details

Source IP: 193.27.228.247

NetRange: 193.27.228.0/23

ISP: Starcrecium Limited

Usage Type: Data Center/Web Hosting/Transit

Domain Name: starcrecium.com

Country: Russian Federation

City: Moscow, Moskva

Per online sources, this IP has been observed performing brute force access attempts on VPN services. This does appear to be an active automated spraying campaign. This spraying campaign is attempting a wide range of user names and passwords in order to either gain access or narrow down any user credentials that may not be secure.

This appears to be a large reconnaissance campaign aimed at collecting login credentials, specifically a large number of events are targeting VPN credentials. It is likely any credentials that have been successfully authenticated against a target environment will be used in a malicious fashion, such as selling the credential information to bad actors, using the credentials in a future network intrusion campaign, or other nefarious activity.

SOD has not seen any instances of the user names being listed in the event logs we have received, which shows no valid user names have been used. However, it only takes one predictable user name/password combination to gain access to a network.

Recommendations

It is recommended to block this IP or the entire subnet address range across all public facing interfaces in order to guarantee there are is successful reconnaissance information gathering or access attempts.

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and will notify you of any critical updates as more information is provided. Please contact us if you have any questions.

Sources

https://www.abuseipdb.com/check/193.27.228.247?page=1#report

https://www.virustotal.com/gui/ip-address/193.27.228.247/detection

https://dnslytics.com/ip/193.27.228.247

SERVICES

ABOUT

SIGN-UP FOR FREE THREAT FLASH ALERTS

img.wp-smiley,img.emoji{display:inline !important;border:none !important;box-shadow:none !important;height:1em !important;width:1em !important;margin:0 .07em !important;vertical-align:-.1em !important;background:none !important;padding:0 !important;}#rs-demo-id{}body a{color:#333;font-family:"Droid sans";}body a:hover{color:#0897a5;}.rightsidegd .vc_gitem-post-data-source-post_date,.leftsidegd .vc_gitem-post-data-source-post_date{color:#ee2e24;margin-bottom:5px;font-size:14px;}.rightsidegd .vc_gitem_row .vc_gitem-col{padding:0;padding-bottom:10px;}.rightsidegd .vc_gitem-post-data-source-post_title,.leftsidegd .vc_gitem-post-data-source-post_title{color:#444;font-weight:600;}#mk-ornamental-title-4 h2.title,#mk-ornamental-title-5 h2.title{font-size:22px;}.sideform #gform_wrapper_10 label{display:none;}.sideform #input_10_2,.sideform #input_10_3{width:100%;}.vc_btn3.vc_btn3-color-juicy-pink,.vc_btn3.vc_btn3-color-juicy-pink.vc_btn3-style-flat{background-color:#eb312e !important;}@media only screen and (min-width:767px){.casest .mk-text-block{min-height:190px;}.whitepap .content-box-heading{min-height:78px;}.whitepap .mk-text-block{min-height:250px;}.servpage .content-box-heading{min-height:78px;}.servpage .mk-text-block{min-height:280px;}.casetabs .mk-text-block.padcnt{min-height:160px;}.mk-text-block.padcnt.actionbut{min-height:inherit !important;}.whtpapers .mk-text-block.padcnt{min-height:190px;}.whtpapers h2{min-height:80px;}.servbrif .mk-text-block.padcnt{min-height:240px;}.servbrif h2{min-height:60px;}.midlevelleft{left:-34px;}.midlevelright{right:-34px;}.threeeqlcolmn .vc_col-sm-4{width:31.33333333%;margin:0 1%;}}.smpleclue .vc_column-inner > .wpb_wrapper{box-shadow:0px 1px 3px #ccc;margin-bottom:30px;}.smpleclue .vc_column-inner .wpb_wrapper .wpb_single_image{border-bottom:6px solid red;}.smpleclue .vc_column-inner > .wpb_wrapper:hover,.leftsidegd .vc_grid-item.vc_col-sm-4 > .vc_grid-item-mini:hover,.smpleclue .vc_column-inner > a:hover + .wpb_wrapper{transform:translate(0,-2px);box-shadow:0 5px 10px rgba(0,0,0,.2),0 10px 20px rgba(0,0,0,.2);}.padcnt{padding:5px 15px;}.actionbut{text-align:right !important;}.call-act-but .left-tim .mk-button-container{text-align:right;}.call-act-but .rght-tim .mk-button-container{text-align:left;}.call-act-but{padding:50px 0px 30px;}#mk-button-18 .mk-button,#mk-button-20 .mk-button,#mk-button-29 .mk-button{text-transform:uppercase !important;}.mk-button--dimension-flat.text-color-dark{color:#0897a5;}.milestone-top span{color:#0897a5 !important;}#threebx .box-detail-wrapper{text-align:left;}.wtwp-testimonials-slider-wrp .slick-slider{background:transparent;}.wtwp-testimonials-slider-wrp h4{display:none;}.wptww-testimonials-slidelist.design-1 .fa-quote-left,.wptww-testimonials-list.design-1 .fa-quote-left,.wptww-testimonials-slide-widget.design-1 .fa-quote-left{color:#ee2e24;}.clientfeed{padding:80px 60px 30px;box-shadow:0px 0px 5px #bbb;border-radius:10px;}.wptww-testimonials-text p{font-size:18px !important;line-height:35px;padding:20px;}.wptww-quote{outline:none !important;}.wptww-testimonial-client{font-size:25px;text-transform:uppercase;padding:6px;}.sixboxlet .mk-box-icon.boxed-style .mk-main-ico .mk-svg-icon{width:50px !important;height:50px !important;}.sixboxlet .mk-box-icon.boxed-style .icon-box-boxed.left{margin-left:0;padding:30px 30px 30px 100px;background:none;border:none;box-shadow:6px 5px 30px 0px rgba(0,0,0,.12);}.sixboxlet .mk-box-icon.boxed-style .icon-box-boxed.left .mk-main-ico{left:15px;}.sixboxlet .mk-box-icon.boxed-style h4{margin-bottom:15px;font-size:22px !important;font-weight:600 !important;}.leftclmns,.rightclmns{padding:100px 60px;}.eq-level-box{overflow:inherit !important;}.leftclmns{border-top-right-radius:10px;}.rightclmns{background:#666;top:40px;border-bottom-left-radius:10px;padding-left:100px;}.leftclmns ul li,.rightclmns ul li{line-height:38px !important;color:#fff;}.rightclmns ul li{line-height:38px !important;color:#fff;}.rightclmns ul li .mk-svg-icon,.leftclmns ul li .mk-svg-icon{top:10px;}.home .mk-edge-custom-content h1 span strong{color:#fff !important;}.lr-column .vc_col-sm-6{padding:40px;}.vc_icon_element.vc_icon_element-outer .vc_icon_element-inner.vc_icon_element-size-xl .vc_icon_element-icon{font-size:12em !important;}.lr-column .vc_col-sm-6 .icon1-level{padding-top:28%;}.lr-column .vc_col-sm-6 .icon2-level{padding-top:22%;}.lr-column .vc_col-sm-6 .icon3-level{padding-top:32%;}.mk-process-steps ul li h3{font-size:20px !important;}.mk-process-steps.process-steps-3 .mk-process-icon svg{height:40px;}.mk-process-steps.process-steps-3 .mk-process-icon{width:100px;height:100px;}.mk-process-steps.process-steps-3 ul:before{top:60px;}.mk-process-steps ul:before{left:160px;width:70%;}#text-block-10{padding-right:40px;}#text-block-10 p{line-height:35px;font-size:16px;letter-spacing:1px;}.vc_icon_element.vc_icon_element-outer .vc_icon_element-inner.vc_icon_element-color-peacoc .vc_icon_element-icon{color:#0897a5;}.page-id-7769 .vc-hoverbox-block{background-image:none !important;}.page-id-7769 .vc-hoverbox-block.nitro-lazy{background-image:none !important;}.single-private-page .blog-single-title{display:inline-block;}.single-private-page #mk-page-introduce{display:none;}.single-private-page .fitpage{margin:0px;}.colorwht,.colorwht p{color:#fff;font-size:18pt;}.listsec-cnt h3{text-transform:capitalize !important;}.boxx-stlye .aio-icon-component.style_3{min-height:120px;border:1px solid #0897a5;}.boxx-stlye .aio-icon-component.style_3:hover{background:#0897a5;}.boxx-stlye .aio-icon-component.style_3:hover h3{color:#fff;}.boxericon .aio-icon-component.style_1{border:1px solid;padding:25px 15px;min-height:80px;}.master-holder .listboxro h3{font-size:24px;font-weight:bold;margin-bottom:20px;}.master-holder .listboxro2 h3{font-size:25px;font-weight:bold;}.threeclmn .aio-icon-component.style_1{padding:30px;box-shadow:0px 0px 14px #ccc;border-radius:30px;}.threeclmn .align-icon,.threeclmn .aio-icon-header,.threeclmn .aio-icon-description{text-align:left !important;}#text-block-16 h3{font-weight:bold;font-size:22px;}.boxx-stlye .aio-icon-component.style_3 h3{font-weight:bold;}.threeclmn2 .aio-icon-component.style_1{padding:18px;box-shadow:0px 0px 14px #ccc;border-radius:30px;}.threeclmn2 h3{text-transform:capitalize !important;line-height:23px !important;font-size:16px !important;}.liststyleicon ul li{line-height:35px;list-style:none;padding-left:30px;margin:0;}.liststyleicon ul li{padding:0px;margin:0px;}.liststyleicon ul li:before{content:"";height:4px;width:13px;background:#0897a5;display:block;position:relative;left:-25px;top:20px;}.shd-left{box-shadow:0px 3px 30px #ddd;border-top-left-radius:15px;border-bottom-left-radius:15px;}.shd-right{box-shadow:0px 3px 30px #ddd;border-top-right-radius:15px;border-bottom-right-radius:15px;}.shd-left p,.shd-right p{font-size:16px !important;}.dce-post-date{position:absolute;top:-220px;word-wrap:anywhere;text-align:center !important;background:#fff;left:15px;padding:8px 27px !important;border-radius:8px;}.dce-post-date span{display:block;color:#1a97a4;}.brandlogo a{display:inline-block;padding:0 5px 0 0;border-radius:5px;}.brandlogo a img{border-radius:5px;}.bdt-content p{font-size:14px;color:#fff;line-height:20px;margin:0;}.single-news .mk-main-wrapper{max-width:980px;}.layoutblg .bdt-list .bdt-post-block-item{visibility:visible !important;}.postnav-sec .navplus.activenav{background:#fff;}.postnav-sec .navplus.activenav a{color:#5472d2;display:block;padding:17px;width:100%;}.postnav-sec .navplus.activenav:hover{background:#dcdcdc;}.postnav-sec .navplus{background:#ebebeb;}.postnav-sec .navplus a{color:#666;display:block;padding:17px;width:100%;}.postnav-sec .navplus:hover{background:#dcdcdc;}.sl-post{margin-bottom:0px !important;}.elementor-pagination{text-align:center;margin-top:25px;}.g-form-side .gfield_label,.elementor-nav-menu .sub-arrow{display:none !important;}.g-form-side .gform_wrapper .top_label input.medium,.g-form-side #gform_submit_button_10{width:100%;}.cntcont .cnt-add strong{color:#333;}.cnt-add{font-size:16px;}.bdt-gravity-forms #input_2_8 li{display:inline-block;margin-right:15px;}.bdt-gravity-forms #input_2_8 li input{margin-top:0px;}.bdt-gravity-forms textarea{height:70px !important;}.bannerfrm input{height:40px;}.bannerfrm input[type="submit"]{padding:18px 50px;height:auto;}.ctainfo{font-size:25px !important;margin:0;padding:20px 0;font-weight:bold !important;}.iconbackgd .elementor-icon-list-icon{background:#fff;padding:18px;text-align:center;}.upiconstar .bdt-advanced-icon-box-icon{margin-bottom:0px !important;margin-top:-24px;position:relative;top:10px;}textarea,input[type=text],input[type=tel],input[type=email],input[type=url],input[type=password],input[type=search],select{color:#767676;background-color:#fdfdfd;border:1px solid #e3e3e3;outline:none;margin-bottom:4px;}.bdt-gravity-forms input[type="submit"]{background:#0897a5;color:#fff;font-family:"Droid sans";font-weight:700;text-transform:uppercase;letter-spacing:1px;border:0;padding:8px 24px;}.bdt-gravity-forms input[type="submit"]:hover{background:#000 !important;}.one-circle a{color:#fff !important;}.boldfont{font-weight:bold !important;}.leftcontent1 h2{font-size:30px !important;text-transform:uppercase !important;font-weight:bold !important;padding:50px 50px 0px !important;}.leftcontent1 h2:after{content:"";display:block;height:2px;width:100px;background:#ee2e24;margin-top:25px;}.textsecut{padding:25px 50px;}.leftcontent1 .aio-icon-header h3.aio-icon-title{width:70%;margin:10px auto;line-height:27px;color:#fff;}.rightcontent1 .wpb_single_image{margin-bottom:0;}.rightbdr{border-right:1px solid #f9f9f9;}.baselevel1{padding:35px 0 0px;}.baselevel1 .aio-icon-component > a:hover .aio-icon i,.baselevel1 .aio-icon-component > a:hover .aio-icon-header h3{color:#0897a5 !important;}.homeColumn2 h2{padding:15px;}h1.bannerwedge{font-weight:600 !important;}.context1 p{font-size:17pt;}.nwflipfx .ifb-face.ifb-front h3{font-size:80px !important;padding:50px;color:#fff !important;}.nwflipfx .ifb-face.ifb-front{background:#0897a5 !important;}.nwflipfx .ifb-face.ifb-back{color:#fff !important;background:#ee2e24 !important;}.nwflipfx .ifb-face.ifb-back p{color:#fff !important;font-size:18pt !important;line-height:40px !important;}.elementor-blockquote--skin-quotation .elementor-blockquote:before{position:initial;background:none;}.one-circle{width:500px;position:relative;margin:0 auto;}.mid-center{position:absolute;width:190px;height:185px;padding:60px 48px;text-align:center;background:#000;left:0;right:0;top:50%;transform:translateY(-50%);margin:0 auto;color:#fff;border-radius:50%;line-height:22px;font-size:16px;}.top-left,.top-right,.bottom-left,.bottom-right{width:250px;display:table-cell;height:248px;padding:70px;vertical-align:middle;text-align:center;border:.5px solid #fff;font-size:16px;}.top-left{background:#002060;color:#fff;border-radius:235px 0px 0px 0px;}.top-right{background:#027434;color:#fff;border-radius:0px 235px 0px 0px;}.bottom-left{background:#991649;color:#fff;border-radius:0px 0px 0px 235px;}.bottom-right{background:#ffbf00;color:#fff;border-radius:0px 0px 235px 0px;}.top-left:hover,.top-right:hover,.bottom-left:hover,.bottom-right:hover{background:#000;}.triconsection .elementor-widget-image-box:hover .elementor-widget-container .elementor-image-box-description{color:#000;}html{overflow-x:hidden;}.allhead{width:150px;height:150px;background:#ccc;border-radius:50%;padding:30px;text-align:center;vertical-align:middle;display:table-cell;position:absolute;font-size:14px;}.allhead.active{box-shadow:0px 1px 10px #666;}.allhead:hover{background:#f80f0f;}.allhead p{position:relative;font-size:14px;display:table-cell;height:100px;width:100px;vertical-align:middle;color:#fff;padding:0;top:-6px;}.fullbox{width:550px;height:550px;text-align:center;position:relative;}.c-top-area{margin:0 auto;position:absolute;top:0;left:0;right:0;background:#035154;color:#fff;}.c-top-area:after{content:"";height:35px;width:4px;display:block;position:absolute;background:#999;text-align:center;margin:0 auto;bottom:-42px;left:0;right:0;}.c-center-area{margin:0 auto;position:absolute;top:50%;left:0;right:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:#000;color:#fff;}.c-bottom-area{margin:0 auto;position:absolute;bottom:0;left:0;right:0;background:#00a0af;color:#fff;}.c-bottom-area:after{content:"";height:35px;width:4px;display:block;background:#999;text-align:center;margin:0 auto;top:-42px;position:absolute;left:0;right:0;}.c-left-area{position:absolute;top:50%;left:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:#999;color:#fff;}.c-left-area:after{content:"";height:4px;width:35px;display:block;background:#999;text-align:center;margin:0 auto;right:-42px;top:50%;position:absolute;-ms-transform:translateY(-50%);transform:translateY(-50%);}.c-right-area{color:#fff;position:absolute;top:50%;right:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:green;}.c-right-area:after{content:"";height:4px;width:35px;display:block;background:#999;text-align:center;margin:0 auto;top:50%;position:absolute;-ms-transform:translateY(-50%);transform:translateY(-50%);left:-42px;}.contentlevel{display:none;}.contentlevel.active{display:block;}.circle-content{padding:30px;}

Active VPN Reconnaissance Campaign from Russia Based IP

Peter Bybee

Event Summary

Details

Recommendations

SOD Actions

Sources

RECOMMENDED POSTS

The Confusion Between Attack Surface Reduction and Vulnerability Management

Security Operations Expert: Meet Dorian James, DeepSeas

Meet Our Deep: Richard Waller, DeepSeas Cyber Security Account Executive

SERVICES

ABOUT

SIGN-UP FOR FREE THREAT FLASH ALERTS

FOLLOW US