← Back to feed

AS7552 Viettel Group

ASN Active medium
Why this campaign was detected
23 IPs from the same network (Viettel Group, AS7552) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS7552 · Viettel Group
Subnet
Country
🇻🇳 VN
Cloud Provider
Member Count
23 IPs
Below average
Total Events
3244
Below average by volume
Started / Ended
2026-02-16 19:38 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
171.244.37.97 credential_harvester 80% 1x OSINT 1109 3 ssh:bruteforce 2026-07-15 20:34 evidence →
27.79.1.161 credential_harvester 59% 1x OSINT 233 2 ssh:bruteforce 2026-07-15 22:23 evidence →
171.231.183.200 credential_harvester 53% 1x OSINT 166 1 ssh:bruteforce 2026-07-16 13:43 evidence →
171.231.176.79 credential_harvester 52% 1x OSINT 181 1 ssh:bruteforce 2026-07-17 07:13 evidence →
171.231.188.238 credential_harvester 52% 1x OSINT 162 1 ssh:bruteforce 2026-07-17 07:13 evidence →
27.79.7.150 credential_harvester 52% 1x OSINT 112 1 ssh:bruteforce 2026-07-16 13:34 evidence →
27.79.4.219 credential_harvester 52% 1x OSINT 88 1 ssh:bruteforce 2026-07-16 16:09 evidence →
27.79.5.119 credential_harvester 51% 1x OSINT 46 1 ssh:bruteforce 2026-07-16 16:04 evidence →
27.79.42.201 credential_harvester 44% 128 1 ssh:bruteforce 2026-07-15 19:30 evidence →
27.71.237.128 opportunistic_bruter 43% 80 2 ssh:bruteforce 2026-07-15 16:15 evidence →
27.79.2.54 credential_harvester 41% 76 1 ssh:bruteforce 2026-07-14 10:01 evidence →
171.231.192.251 credential_harvester 39% 56 1 ssh:bruteforce 2026-07-13 17:07 evidence →
116.99.49.208 credential_probe 39% 1x OSINT 24 2 ssh:bruteforce 2026-07-17 03:22 evidence →
171.243.151.8 credential_harvester 39% 48 1 ssh:bruteforce 2026-07-13 17:04 evidence →
171.243.150.68 credential_harvester 38% 41 1 ssh:bruteforce 2026-07-13 16:29 evidence →
27.79.40.255 credential_harvester 38% 154 1 ssh:bruteforce 2026-07-12 03:41 evidence →
171.231.190.224 credential_harvester 37% 95 1 ssh:bruteforce 2026-07-12 03:29 evidence →
27.79.2.33 credential_harvester 36% 157 1 ssh:bruteforce 2026-07-11 09:13 evidence →
27.79.7.248 credential_harvester 36% 153 1 ssh:bruteforce 2026-07-11 09:13 evidence →
27.79.4.54 credential_harvester 36% 50 1 ssh:bruteforce 2026-07-12 03:42 evidence →
171.231.191.213 credential_probe 31% 1x OSINT 28 1 ssh:bruteforce 2026-07-16 13:39 evidence →
27.79.6.83 credential_harvester 23% 34 1 ssh:bruteforce 2026-07-14 09:58 evidence →
171.231.191.200 credential_probe 20% 23 1 ssh:bruteforce 2026-07-14 09:30 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds