NETCORE Attacks now coming from AWS


We have been reporting on NETCORE router attacks recently. Today we noted that these attacks are now coming from AWS. We believe that our publishing of the IP addresses for this campaign may have caused the threat actor to move to AWS away from the compromised systems that we were seeing being used in these attacks previously.

We have reported frequently on the vulnerable routers and you can view more information on these attacks in a previous blog post. There are similarities between VPNFilter and the NETCORE scripted attacks we are observing. Trend Micro is also reporting and protecting against some of this same activity.

IOCS:

54.238.249.78 - New Offender

206.189.171.38

193.238.130.169

206.189.1.234

209.97.158.125

159.65.81.70

209.97.135.30

206.189.226.218

#NetworkAttacks #Attacks

0 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.