Cybersecurity researchers observed a notable increase in malicious activity attributed to Proton66, a Russian bulletproof hosting provider, beginning January 8, 2025. Analysis from Trustwave SpiderLabs indicates that certain IP ranges were especially active in mass scanning and brute-forcing against organizations worldwide. Many of the detected IP addresses were previously inactive or not known for malicious activity. The provider has also been associated with malware families such as GootLoader and SpyNote, raising concerns. The routing of malicious activity through established networks, and potential ties with Kaspersky Lab, have sparked debate around cybersecurity collaboration and responsibility.
Cybersecurity researchers have identified a significant increase in malicious activity, including mass scanning and brute-forcing, coming from a Russian hosting service, Proton66.
Since January 8, 2025, Trustwave SpiderLabs has reported ongoing attacks targeting global organizations, traced back to previously inactive IP addresses associated with Proton66.
Malware families like GootLoader and SpyNote have utilized Proton66 for hosting their command-and-control servers, intensifying the cybersecurity threat landscape.
Despite connections being drawn between Prospero and Kaspersky Lab, the antivirus vendor denies any collaboration, stating that routing through its networks does not imply partnership.