China Leveraging Vultr heavily to launch new attacks!

Normally China hosts many IP addresses and computing infrastructure and utilizes these systems to carry out attacks quite frequently. Today, when looking through some recent targeting information, we observed China utilizing servers on the Vultr hosting platform.

You would think that China would have enough hardware to carry out attacks from their own systems, but we have seen many attacks over the years coming from AWS, Azure and other hosting providers. Why this particular campaign is utilizing Vultr systems to carry out the attacks is not known, but the servers are believed to be vulnerable systems that have been hijacked by Chinese bots (responsible for scanning for vulnerabilities nearly continually).

China is known to scan systems frequently and usually identifies vulnerabilities quite quickly, so it's not known if they have just hijacked systems at Vultr or actually purchased the servers to use in their campaign.

Look at the raw data

Customers wishing to look at the raw data can go to event 22322 to read more about this observation and what credentials are being stolen by the threat actor(s).



© 2017-2018 Jigsaw Security Enterprise Inc.
