Navigating Geopolitical Nuances in Cyberattacks With Advanced IP Address Analysis at #HOPE_XV was fascinating - some good insights based on proxy vs. not proxy in the honeypot dataset: https://schedule.hope.net/hopexv/talk/RGW38C/
Navigating Geopolitical Nuances in Cyberattacks With Advanced IP Address Analysis HOPE XV

While some countries exhibit disproportionately aggressive behavior in cyberattacks, others show proxy-centric Internet traffic redistribution, and some experience higher frequencies of cyberattacks, leading to more compromised computers within their infrastructure. To investigate these patterns, Andréanne and Constance built a honeynet of RDP Windows servers in the cloud, collecting over 190 million events over three years. This dataset provides valuable insights into the origin of IP addresses, though attributing attacks to specific countries is complex. They found various data sources providing contradictory information about IP addresses and will explain how they used several tools to streamline access to this information, while leveraging open source information. The results reveal that different attack techniques vary by geographic origin, and evidence will be presented of shared hacking tools between cooperating countries, enhancing our understanding of global cyber threats.