GreyNoise Launches Block: Fully configurable, real-time blocklists
.png){kind=spacer}
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: January 26β30, 2026
A single JA4T signature linked React, Fortinet, Palo Alto, and ENV campaigns across 3.3 million sessions. Combined with a 20M-session VNC reconnaissance surge and two-week RouterOS persistence, this week confirms coordinated operations targeting enterprise infrastructure at scale.
β
β
Netherlands-based infrastructure systematically enumerated VNC ports 5900-5920 with uniform distribution across ~100IPs. Reconnaissance at this scale typically precedes credential attacks.
β
MikroTik RouterOS brute force IPs from last week's brief continued without pause. 1.1 million authentication attempts. One IP dropped; new one emerged. Deliberate infrastructure management.
β
1 million CVE-2025-55182 attempts from the same top IPs. Three scanners rotate through 11 identical user agents spanning 6 platforms β a pattern consistent with LLM generated evasion lists.
β
585,000 combined sessions targeting Palo Alto GlobalProtect and Fortinet SSL VPN. Same IP ranges observed last week βpersistent scanning infrastructure.
β
.png)
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: January 26β30, 2026
A single JA4T signature linked React, Fortinet, Palo Alto, and ENV campaigns across 3.3 million sessions. Combined with a 20M-session VNC reconnaissance surge and two-week RouterOS persistence, this week confirms coordinated operations targeting enterprise infrastructure at scale.
β
β
Netherlands-based infrastructure systematically enumerated VNC ports 5900-5920 with uniform distribution across ~100IPs. Reconnaissance at this scale typically precedes credential attacks.
β
MikroTik RouterOS brute force IPs from last week's brief continued without pause. 1.1 million authentication attempts. One IP dropped; new one emerged. Deliberate infrastructure management.
β
1 million CVE-2025-55182 attempts from the same top IPs. Three scanners rotate through 11 identical user agents spanning 6 platforms β a pattern consistent with LLM generated evasion lists.
β
585,000 combined sessions targeting Palo Alto GlobalProtect and Fortinet SSL VPN. Same IP ranges observed last week βpersistent scanning infrastructure.
β
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
