Hackers create "BRUTED" tool to attack VPNs – how to stay safe
Brute-force VPN attacks can now be automated

A group of hackers has developed an automated brute-forcing framework dubbed "BRUTED" to breach edge networking devices including firewalls and VPNs.
The framework has enabled the so-called "BlackBasta" operation to streamline network access and scale cybersecurity attacks on vulnerable devices and networks.
As of yet, this attack tool hasn't been used to target the best VPNs, but many of the most common business VPNs were listed.
The existence of "BRUTED" was discovered following a leak of the gang's internal chat logs and subsequent examination.
Perimeter 81: the best business VPN
Perimeter 81 offers a wide range of business VPN options and tops our best business VPN list. It utilizes a cloud-based software and requires a minimum of 10 employees. Plans include a security suite and cost $80 per month. A 30-day money-back guarantee is also included.
Analysis of the logs showed that "BRUTED" has been used since 2023. It has been specifically designed to commit brute-force attacks on products including SonicWall NetExtender, Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet SSL VPN, and WatchGuard SSL VPN.
None of the best business VPNs we recommend have been affected, but in February 2025, Palo Alto and SonicWall services were caught up in a brute-force VPN attack using 2.8 million IP addresses.
SonicWall VPN was also hit with a vulnerability in January 2025, which was the second VPN-related vulnerability in a matter of months.
The automated nature of attacks poses a significant risk because more services can be targeted and hackers can focus their resources elsewhere, whilst scaling up automated attacks.
Brute-force attacks often rely on a failure to reinforce accounts. 123456 is the world's most popular password and analysis of the chat log data suggested that "BRUTED" takes advantage of weak and reused passwords. Many of these passwords can be cracked in seconds and leave your network and organization at risk.
Having strong, lengthy, and unique passwords is a vital step in securing your network. Use a mixture of letters, numbers, and symbols – the more random the better.
The best password managers can generate and store these complex passwords for you, making it easier than ever to secure your accounts.
Ensuring two-factor authentication (2FA) is enabled is also crucial. You can link your accounts with a backup email address, phone number, or authenticator app, and this will require two-steps to be taken before you access your accounts.
If your account is compromised, then 2FA can help you spot suspicious activity before any of your data is exploited.
No vulnerabilities have been exploited by "BRUTED," but regularly updating your system software will keep it up-to-date and protect against vulnerability exploitation.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.

















