GreyNoise Launches Block: Fully configurable, real-time blocklists
.png){kind=spacer}
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: February 9-16, 2026
Three attack surfaces accelerated simultaneously: IoT botnet recruitment surged up to 91%, Fortinet VPN brute-forcing nearly doubled, and credential harvesting more than doubled to 8.28 million sessions. Meanwhile, a coordinated Iranian scanner cluster deployed custom tooling unknown to any public database, and an 84-day C2 operation was uncovered hiding behind cryptocurrency exchange API traffic.
β
β
Five IoT-related tag categories surged 53β91% WoW β Telnet Protocol, IoT Default Password, and ADB Check all rose in lockstep, consistent with centralized botnet orchestration.
β
Fortinet SSL VPN brute-forcing nearly doubled. A brand-new SonicWall scanning campaign emerged from zero to 199,743 sessions. Cisco and Palo Alto pressure steady.
β
ENV Crawler surged 112% to 4.29 million sessions. WordPress Enumeration up 273%. AWS credentials, Git repos, and Spring Boot actuators all targeted.
β
A Japanese-hosted server impersonated BitMart, KuCoin, and Bitget APIs across four parallel channels β sending identical static trading payloads to disguise C2 callbacks as legitimate financial API traffic.
β
β
β
.png)
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: February 9-16, 2026
Three attack surfaces accelerated simultaneously: IoT botnet recruitment surged up to 91%, Fortinet VPN brute-forcing nearly doubled, and credential harvesting more than doubled to 8.28 million sessions. Meanwhile, a coordinated Iranian scanner cluster deployed custom tooling unknown to any public database, and an 84-day C2 operation was uncovered hiding behind cryptocurrency exchange API traffic.
β
β
Five IoT-related tag categories surged 53β91% WoW β Telnet Protocol, IoT Default Password, and ADB Check all rose in lockstep, consistent with centralized botnet orchestration.
β
Fortinet SSL VPN brute-forcing nearly doubled. A brand-new SonicWall scanning campaign emerged from zero to 199,743 sessions. Cisco and Palo Alto pressure steady.
β
ENV Crawler surged 112% to 4.29 million sessions. WordPress Enumeration up 273%. AWS credentials, Git repos, and Spring Boot actuators all targeted.
β
A Japanese-hosted server impersonated BitMart, KuCoin, and Bitget APIs across four parallel channels β sending identical static trading payloads to disguise C2 callbacks as legitimate financial API traffic.
β
β
β
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
