A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
…Nothing unusual about botnet traffic. But this time, dozens of malicious IPs were all coming from a single region with a population of just over 3,000 people.
It didn’t fit the pattern. So we dug in.
Starting with a Single IP
We zoomed into the map and picked up the first IP: 137.118.82.76.
It had a troubling combination of GreyNoise tags:
- Telnet Bruteforcer
- Generic IoT Default Password Attempt
- Mirai
- D-Link Hardcoded Telnet Attempt
This wasn’t just a misconfigured device — it looked like a system actively participating in a botnet.
So we pulled the thread.
To read the complete article see:
How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
This post is licensed under CC BY 4.0 by the author.