The Wordfence Threat Intelligence team said hackers are attempting a malicious login attempt against the WordPress website. Since November 17, 2021, the number of attacks targeting login pages has doubled.

The researchers’ team has seen a global increase in attacks against WordPress sites during the past week, and more than a quarter of all of the malicious login attempts the team tracking is now originating from AWS EC2 instances, as shown in the chart below:

More than 77,000 IP addresses in this IP space have sent out malicious login attempts since November 17, 2021, but the vast majority of attacks are originating from roughly 5,000 EC2 instances.

Buy Me A Coffee

The following 40 IP addresses, however, have been on the Wordfence blocklist since the end of 2020 and have each sent out over 1 Million malicious login attempts since November 17, 2021:

35.183.60.188
54.176.188.51
52.60.189.115
52.52.190.187
52.65.15.196
18.231.94.162
34.209.105.222
34.215.69.55
18.221.206.247
52.64.20.252
13.124.222.242
35.181.87.238
18.229.73.207
13.233.73.212
13.209.28.104
52.42.79.222
13.232.96.15
52.15.212.3
13.58.56.77
18.136.72.135
52.30.16.188
35.178.16.1
18.194.196.202
13.48.53.51
13.53.64.97
34.241.77.13
54.250.87.247
3.8.68.2
18.197.125.181
34.251.241.226
18.184.155.204
35.180.147.121
52.192.73.251
3.8.12.221
35.181.112.20
3.0.115.255
13.228.104.57
13.53.208.18
54.178.182.46
13.211.126.30

While AWS makes it easy for businesses to move to the cloud, attackers are also utilizing the scale provided by cloud services, including AWS, in increasing numbers.

READ
LiteSpeed Cache Fixes Major Security Flaw Allowing Privilege Escalation on WordPress Sites