Activity today is low. We have seen the usual scanning and scripted attacks. Many of the attackers are already covered under the Jigsaw Security threat intelligence feeds and automated cloud protection.
We continue to see NETCORE router activity from the IP addresses below.
We continue to see exploit kit activity and have added the latest threats to event 28863.
With the exception of scanning activity that is blocked by Jigsaw Security FirstWatch Sensors, no major activity is standing out to our analyst at this time.
NETCORE Router Exploits: We are seeing threat actors attacking home networking routers. Over the last few days we have noticed 3-5 IP addresses daily (and they are being changed daily) attacking home routers. Events: There are multiple events covering this issue.
159[.]65[.]81[.]70 206[.]189[.]226[.]218 209[.]97[.]158[.]125