Seeing indicators that this entity has been breached for over a month and does not realize it. It appears as though their infrastructure is being used to launch further attacks on other educational institutions.
They also appear on Emerging Threats for malicious activity since at least the 11th of December, 2014. You would think these large organizations would do something to get themselves off the blacklist, but as of today we are still detecting malicious activity.
Update: Our sensors are still seeing traffic originating from Texas A&M and they still have not closed off the vulnerable systems. Seeing additional reports from additional locations that they are being attacked by this entity. Over 200 external IPs are reporting attempted breaches and brute forces from the Texas A&M network.