A group of hackers has developed an automated brute-forcing framework dubbed "BRUTED" to breach edge networking devices including firewalls and VPNs.
The framework has enabled the so-called "BlackBasta" operation to streamline network access and scale cybersecurity attacks on vulnerable devices and networks.
As of yet, this attack tool hasn't been used to target the best VPNs, but many of the most common business VPNs were listed.
The existence of "BRUTED" was discovered following a leak of the gang's internal chat logs and subsequent examination.
Analysis of the logs showed that "BRUTED" has been used since 2023. It has been specifically designed to commit brute-force attacks on products including SonicWall NetExtender, Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet SSL VPN, and WatchGuard SSL VPN.
None of the best business VPNs we recommend have been affected, but in February 2025, Palo Alto and SonicWall services were caught up in a brute-force VPN attack using 2.8 million IP addresses.
SonicWall VPN was also hit with a vulnerability in January 2025, which was the second VPN-related vulnerability in a matter of months.
The automated nature of attacks poses a significant risk because more services can be targeted and hackers can focus their resources elsewhere, whilst scaling up automated attacks.
Brute-force attacks often rely on a failure to reinforce accounts. 123456 is the world's most popular password and analysis of the chat log data suggested that "BRUTED" takes advantage of weak and reused passwords. Many of these passwords can be cracked in seconds and leave your network and organization at risk.
Having strong, lengthy, and unique passwords is a vital step in securing your network. Use a mixture of letters, numbers, and symbols – the more random the better.
The best password managers can generate and store these complex passwords for you, making it easier than ever to secure your accounts.
Ensuring two-factor authentication (2FA) is enabled is also crucial. You can link your accounts with a backup email address, phone number, or authenticator app, and this will require two-steps to be taken before you access your accounts.
If your account is compromised, then 2FA can help you spot suspicious activity before any of your data is exploited.
No vulnerabilities have been exploited by "BRUTED," but regularly updating your system software will keep it up-to-date and protect against vulnerability exploitation.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
