Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025.

The activity originated from a Ukraine-based autonomous system FDN3 ( AS211736 ), per French cybersecurity company Intrinsec.

"We believe with a high level of confidence that FDN3 is part of a wider abusive infrastructure composed of two other Ukrainian networks, VAIZ-AS ( AS61432 ) and ERISHENNYA-ASN ( AS210950 ), and a Seychelles-based autonomous system named TK-NET ( AS210848 )," according to a report published last week.

"Those were all allocated in August 2021 and often exchange IPv4 prefixes with one another to evade blocklisting and continue hosting abusive activities."

AS61432 cu

See Full Page