Hackers abuse Russian bulletproof host Proton66 for global attacks and malware delivery

Cybersecurity researchers have disclosed a surge in “mass scanning, credential brute-forcing, and exploitation attempts” originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.

The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.

“Net blocks 45.135.232.0/24 and 45.140.17.0/24 were particularly active in terms of mass scanning and brute-force attempts,” security researchers Pawel Knapczyk and Dawid Nesterowicz said. “Several of the offending IP addresses were not previously seen to be involved in malicious activity or were inactive for over two years.”

Read more at The Hacker News