Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025.

“We believe with a high level of confidence that FDN3 is part of a wider abusive infrastructure composed of two other Ukrainian networks, VAIZ-AS (AS61432) and ERISHENNYA-ASN (AS210950), and a Seychelles-based autonomous system named TK-NET (AS210848).” Those were all allocated in August 2021 and often exchange IPv4 prefixes with one another to evade blocklisting and continue hosting abusive activities.

The brute-force and password spraying efforts aimed at SSL VPN and RDP assets could last up to three days, per Intrinsec. It’s worth noting that these techniques have been adopted by various ransomware-as-a-service (RaaS) groups like Black Basta, GLOBAL GROUP, and RansomHub as an initial access vector to breach corporate networks.

To read the complete article see: https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html

😊