A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
75%
“identified about 500 IPs globally exhibiting similar traits: - a unique JA4T signature — 5840_2-4-8-1-3_1460_1 — representing 90% of the traffic from this ISP, indicating the hardware is similar across compromised hosts. - Telnet login attempts using weak or defau…”
T1584.005 Botnet
53%
“part of the attack surface long after disclosure. We recently explored this dynamic in our latest report on resurgent vulnerabilities, where we highlight how long-patched flaws in edge devices are repeatedly targeted. Then it stopped shortly after a member of our team posted a …”
T1498.001 Direct Network Flood
34%
“part of the attack surface long after disclosure. We recently explored this dynamic in our latest report on resurgent vulnerabilities, where we highlight how long-patched flaws in edge devices are repeatedly targeted. Then it stopped shortly after a member of our team posted a …”
Summary
A spike in botnet traffic from a single utility in a rural part of New Mexico led to the discovery of a global botnet. Explore how human-led, AI-powered analysis exposed compromised devices, uncovered attack patterns, and why defenders should take note.