Hotbed of Cybercrime Activity Tracked Down to ISP in Ukrainian Region Under Russian Control

More details have surfaced regarding a recent wave of brute-force attacks (dictionary attacks to be more accurate) that have targeted WordPress sites over the past few weeks.

The attacks, first detected and described by WordPress security firm WordFence, targeted WordPress sites across the globe, but most of the malicious traffic originated from a limited set of IP addresses, assigned to an ISP in the Ukraine.

WordFence said that it detected over 1.65 million daily brute-force attempts from a small-time ISP identified only as “Pp Sks-lugan,” of which, over 1.5 million came from eight IP addresses, most likely under the control of one single person.

Brute-force attacks from the 8 Ukrainian IPs
Brute-force attacks from the 8 Ukrainian IPs [Source: WordFence]

A few days later after WordFence made public their discovery, the company says that Ukrainian users have reached out and provided more information

Read more at: