Summary: A surge in cybersecurity threats linked to the Russian bulletproof hosting service Proton66 has been reported, involving mass scanning and exploitation attempts against organizations worldwide. Researchers documented several malware campaigns and the exploitation of significant vulnerabilities, notably in Fortinet's FortiOS and other platforms. Organizations are advised to block the CIDR ranges associated with Proton66 to mitigate the risk posed by this activity.
Affected: Organizations worldwide, particularly those using affected software platforms.
Key points:
- Mass scanning and credential brute-forcing from Proton66 IP addresses have increased since January 2025.
- Exploitation attempts target critical vulnerabilities, including those in Palo Alto Networks PAN-OS and Fortinet FortiOS.
- Malware campaigns linked to Proton66 involve threats like XWorm, StrelaStealer, and WeaXor ransomware targeted at specific linguistic groups.
Source: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html