ioc · ipv4

138[.]68[.]90[.]19

IR · Iran · Pioneer Kitten · confidence · high

DigitalOcean-hosted IP observed by the FBI in Pioneer Kitten operations from January to August 2024, listed in Table 10 of CISA AA24-241A. For initial access, the group exploits edge devices: Citrix NetScaler (CVE-2019-19781, CVE-2023-3519), F5 BIG-IP (CVE-2022-1388), Ivanti (CVE-2024-21887), PAN-OS (CVE-2024-3400), and Check Point (CVE-2024-24919).

first seen
Dec 31, 2023
publisher
CISA
source citation