Pondering my ORB - A look at PolarEdge Adjacent Infrastructure

Posted Aug 28, 2025

By ictsec.pl

1 min read

By using our historical scan data, we can look at this attacker’s host on February 11, 2025 (around the time that Sekoia first observed attacker activity), and observe multiple services and certificates in use (some of which are still running on that host today):

Mentioned IOCs:

119.8.186[.]227
190.92.202[.]218
159.138.83[.]57

Certificates / Hashes:

3f00058448b8f7e9a296d0cdf6567ceb23895345eae39d472350a27b24efe999
e234e102cd8de90e258906d253157aeb7699a3c6df0c4e79e05d01801999dcb5

server_multi binary:

827797a9bff728ae6f46abd505e67a15e40b0ba69a8dc92a36fd90d9974c9593

To read the complete article see: https://censys.com/blog/pondering-my-orb-a-look-at-polaredge-adjacent-infrastructure

RESEARCH

CENSYS

This post is licensed under CC BY 4.0 by the author.

Trending Tags