2.8 million IP addresses being used in brute force attack on VPNs

VPNs are being targeted in a mass-scale brute force password attack that has used almost 2.8 million IP addresses.

Hackers have been attempting to access a wide range of networking devices, with Palo Alto Networks, Ivanti, and SonicWall in the firing line.

The attack is reported to have first emerged in January but has since ramped up its efforts. However, at this stage, none of the best VPNs appear to be affected.

Attack details

The attack is known as a brute force attack, which is where hackers repeatedly attempt to log into an account or device using a range of username and password combinations until the correct ones are found.

With the correct combination of details, hackers can gain access to the network, steal data, or hijack devices. As well as VPNs, gateways, firewalls, and other edge security devices are being targeted.

The Shadowserver Foundation, a threat monitoring platform, has reported that the attack first began in January, with up to 2.8 million source IP addresses being used daily to undertake the attack.

Of those IP addresses, 1.1 million are from Brazil, with others from Turkey, Russia, Argentina, Morocco, and Mexico. However, this list is not exhaustive and it is expected there are IP addresses from many more countries involved.

In a statement to BleepingComputer, The Shadowserver Foundation confirmed that the activity has been ongoing for a while but recently increased to a much larger scale.

The group also said it is likely botnets or residential proxy networks are being used to carry out the attacks. A botnet is a network of computers that are infected with malware and under the control of a cybercriminal.

Residential proxies are a vast network of real IP addresses provided by internet service providers (ISPs). They can be obtained and used to access the internet, using these IP addresses rather than your own.

Whilst they are not illegal, they are often sought out by cybercriminals and used for malicious purposes. Activity from such an IP address appears to come from a regular home user and not a hacker, meaning the cybercriminals can stay hidden.
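For defenders, the practical consequence is that per-IP lockout rules see nothing unusual when each address only tries once or twice. The following is an added example, not part of the original article, showing detection keyed on the targeted account instead of the source address; the log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp src_ip username result" format.
def build_sample_log():
    start = datetime(2025, 2, 1, 3, 0, 0)
    lines = []
    # 40 different source IPs, one failed login each against "admin" in under 10 minutes
    for i in range(40):
        lines.append(f"{(start + timedelta(seconds=15 * i)).isoformat()} 203.0.113.{i + 1} admin FAIL")
    # A legitimate user mistyping a password three times from one address, then succeeding
    for i in range(3):
        lines.append(f"{(start + timedelta(seconds=20 * i)).isoformat()} 198.51.100.7 alice FAIL")
    lines.append(f"{(start + timedelta(seconds=70)).isoformat()} 198.51.100.7 alice OK")
    return lines

def parse(lines):
    for line in lines:
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def per_ip_offenders(lines, max_failures=5):
    """Classic lockout logic: flag a source IP with too many failures."""
    counts = defaultdict(int)
    for _, ip, _, result in parse(lines):
        if result == "FAIL":
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n > max_failures)

def distributed_targets(lines, window=timedelta(minutes=10), min_sources=20):
    """Flag accounts that fail from many distinct IPs inside one sliding window."""
    fails = defaultdict(list)
    for ts, ip, user, result in parse(lines):
        if result == "FAIL":
            fails[user].append((ts, ip))
    flagged = {}
    for user, events in fails.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1  # slide the window start forward
            sources = {ip for _, ip in events[lo:hi + 1]}
            if len(sources) >= min_sources:
                flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print(per_ip_offenders(log), distributed_targets(log))
```

On the constructed log the per-IP rule flags no address, while the per-account rule flags `admin` with 40 distinct sources and leaves the mistyping user alone.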

Devices from Huawei, Cisco, MikroTik, Boa, as well as ZTE routers are being used to carry out the attack and have likely been compromised themselves.

Having strong passwords and setting up 2-factor authentication (2FA) are crucial steps in securing your devices, regardless of whether they're for business or personal use. Passwords should be unique and feature a mixture of symbols, letters, and numbers. The best password managers are a helpful tool for secure password storage and generation.

How to protect yourself

Although business VPNs have been targeted in this attack, none of the best business VPNs were involved, and they remain a solid tool for protecting your business networks.

A strong business VPN will allow employees to securely access servers, data, and information remotely, regardless of where they are located.

Small and medium businesses are the most attractive to hackers, but businesses of all sizes can be at risk and a business VPN ensures all your data is encrypted and protected.

Business VPNs with static IP addresses are recommended and many use encrypted, cloud-based servers, protecting all your data in one place.

For individuals, all the VPNs featured in our best VPNs list are good options. Your internet traffic and personal data are protected and sent through encrypted tunnels, meaning they can't be seen by third parties.

Good data privacy practices are still required, but VPNs offer a strong layer of protection and many come with additional cybersecurity features such as threat protection, antivirus, and password managers.

If you want to secure your network at its source, then you may want to consider a router VPN. The best router VPNs can be installed on your home Wi-Fi router and will encrypt the data of any devices connected to it.

ExpressVPN, the best VPN for beginners, offers its Aircove router. The hardware is pre-loaded with ExpressVPN technology and is very simple to set up – an easier, albeit more expensive, option than installing a router VPN on your existing router.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

George Phillips
Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.
