83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A recent analysis by threat intelligence firm GreyNoise reveals that 83% of exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) originate from a single IP address on bulletproof hosting infrastructure provided by PROSPERO. Between February 1 and 9, 2026, GreyNoise recorded 417 exploitation sessions from 8 unique source IP addresses, with an estimated 346 of these linked to the single IP, highlighting a concentrated attack vector.

This finding underscores the role of bulletproof hosting services in facilitating cyberattacks, as they offer anonymity and resilience against takedowns, making it challenging for defenders to mitigate threats. The exploitation of the Ivanti EPMM vulnerability, though not specifying CVEs or threat actors in the provided content, points to a targeted campaign leveraging infrastructure designed to evade detection and enforcement, emphasizing the need for robust monitoring and response strategies in enterprise security.

Key Takeaways

83% of Ivanti EPMM exploit attempts traced to a single IP on bulletproof hosting by PROSPERO
GreyNoise recorded 417 exploitation sessions from 8 unique IPs between February 1-9, 2026
Bulletproof hosting infrastructure enables concentrated and resilient cyberattack campaigns
Highlights importance of threat intelligence in identifying and mitigating targeted vulnerabilities

Source: The Hacker News

Press ESC to close

Key Takeaways

Share Article:

Tarang Parmar

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft