Cybersecurity researchers have identified a significant increase in malicious activities such as mass scanning, credential brute-forcing, and exploitation attempts linked to IP addresses connected with the Russian bulletproof hosting provider Proton66. The surge in activity, which has been ongoing since January 8, 2025, has been targeting organizations on a global scale. Trustwave SpiderLabs recently published a two-part analysis detailing the nature and extent of these cyber threats.