Hackers create "BRUTED" tool to attack VPNs – how to stay safe

Hacker typing on laptop in darkened room
(Image credit: Witthaya Prasongsin / Getty Images)

A group of hackers has developed an automated brute-forcing framework dubbed "BRUTED" to breach edge networking devices including firewalls and VPNs.

The framework has enabled the so-called "BlackBasta" operation to streamline network access and scale cybersecurity attacks on vulnerable devices and networks.

As of yet, this attack tool hasn't been used to target the best VPNs, but many of the most common business VPNs were listed.

The existence of "BRUTED" was discovered following a leak of the gang's internal chat logs and subsequent examination.

Perimeter 81: the best business VPN$80 per month

Perimeter 81: the best business VPN
Perimeter 81 offers a wide range of business VPN options and tops our best business VPN list. It utilizes a cloud-based software and requires a minimum of 10 employees. Plans include a security suite and cost $80 per month. A 30-day money-back guarantee is also included.

Analysis of the logs showed that "BRUTED" has been used since 2023. It has been specifically designed to commit brute-force attacks on products including SonicWall NetExtender, Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet SSL VPN, and WatchGuard SSL VPN.

None of the best business VPNs we recommend have been affected, but in February 2025, Palo Alto and SonicWall services were caught up in a brute-force VPN attack using 2.8 million IP addresses.

SonicWall VPN was also hit with a vulnerability in January 2025, which was the second VPN-related vulnerability in a matter of months.

The automated nature of attacks poses a significant risk because more services can be targeted and hackers can focus their resources elsewhere, whilst scaling up automated attacks.

Brute-force attacks often rely on a failure to reinforce accounts. 123456 is the world's most popular password and analysis of the chat log data suggested that "BRUTED" takes advantage of weak and reused passwords. Many of these passwords can be cracked in seconds and leave your network and organization at risk.

Having strong, lengthy, and unique passwords is a vital step in securing your network. Use a mixture of letters, numbers, and symbols – the more random the better.

Graphic of hand using password key in a lock

(Image credit: Boris Zhitkov / Getty Images)

The best password managers can generate and store these complex passwords for you, making it easier than ever to secure your accounts.

Ensuring two-factor authentication (2FA) is enabled is also crucial. You can link your accounts with a backup email address, phone number, or authenticator app, and this will require two-steps to be taken before you access your accounts.

If your account is compromised, then 2FA can help you spot suspicious activity before any of your data is exploited.

No vulnerabilities have been exploited by "BRUTED," but regularly updating your system software will keep it up-to-date and protect against vulnerability exploitation.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

George Phillips
Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Red computer security warning
2.8 million IP addresses being used in brute force attack on VPNs
Image of technical screen displaying system hacked warning
SonicWall VPN hit with second vulnerability
Graphic of red warning sign
Critical VPN vulnerabilities continue to impact businesses
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
Graphic of fibre optic cables attacking code
An estimated 46,000 VPN servers are vulnerable to being hijacked
Malware
The top cyber threats to watch out for in 2025
Latest in VPNs
Hacker typing on laptop in darkened room
Hackers create "BRUTED" tool to attack VPNs – how to stay safe
Proton VPN logo and in-app screenshots
"If you control online, you control everything" – Proton is taking the fight to internet censorship
Chelsea Manning speaking at the NymVPN launch event
Chelsea Manning-backed NymVPN launches in bid to win the "censorship arms race"
ExpressVPN
Calling all students! Protect your online privacy with ExpressVPN's exclusive offer
White NymVPN logo on green graphic background
Introducing NymVPN – could this be the world's most secure VPN?
ExpressVPN Lightway Turbo logo
Fast just got faster – introducing ExpressVPN's Lightway Turbo
Latest in News
Hacker typing on laptop in darkened room
Hackers create "BRUTED" tool to attack VPNs – how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
Gemini screenshot image
Gemini just became the ultimate collaborator — everything you need to know about this huge new upgrade
HP OmniBook
HP’s new OmniBook lineup looks set to smash AI laptop price barriers — that’s a good thing if the company keeps up its end of the deal
Roku Pro Series on living room wall
Roku is adding the worst part of Fire TV to its streaming devices
Adam James and Christina Hendricks in The Buccaneers
'The Buccaneers' season 2 gets release date — here's our first look at this season's new star character