Threat Flash: 32K Malicious IPs Confirmed in February

Threat Research Team

In February, Augur independently identified 32,361 malicious IP addresses that were later validated by third-party intelligence providers, reinforcing its ability to surface emerging threat infrastructure well before conventional feeds catch up.

Where some preemptive security vendors concentrate on low-level risks such as domain lookalikes and basic spoofing activity, Augur focuses on the operational backbone of serious cyber campaigns. It uncovers the command-and-control servers, exfiltration staging nodes, and delivery systems that sophisticated threat actors rely on. This includes infrastructure established by nation-state groups, ransomware operators, and advanced criminal networks, often long before their operations escalate into public-facing incidents.

Seen in February

The following examples highlight the kinds of malicious operations Augur uncovers and disrupts.

Name               Type           IP                      Lead Time
Mikey              Trojan Horse   95[.]85[.]239[.]100     150 days
Medusa             Ransomware     80[.]65[.]222[.]11      95 days
Empire_downloader  C2 framework   188[.]137[.]228[.]57    120 days
Brambul            Worm           92[.]174[.]231[.]127    365 days
Kryptik            Backdoor       15[.]204[.]2[.]168      180 days

If you aren't already blocking these IP addresses, we highly recommend that you do so. The addresses above are defanged with [.]; refang them before loading them into a firewall or proxy blocklist, and sweep historical logs for any earlier contact with them, since the lead times above mean the infrastructure was live well before it was reported.
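The following is an added example, not Augur's tooling: it refangs the five indicators from the table above, validates them as IPv4 addresses, sweeps a handful of constructed log lines for traffic to or from them (matching whole dotted quads so that 15.204.2.168 is not found inside 115.204.2.168), and renders an nftables set for blocking. The log lines and the nftables table name "inet filter" are assumptions for illustration.

```python
"""Refang the Threat Flash indicators, sweep logs for them, and emit a block set.
Added example code for this page; not Augur's own software.
"""
import ipaddress
import re

# Indicators exactly as published in the table above (defanged with [.]).
DEFANGED_IOCS = {
    "95[.]85[.]239[.]100": "Mikey (Trojan Horse)",
    "80[.]65[.]222[.]11": "Medusa (Ransomware)",
    "188[.]137[.]228[.]57": "Empire_downloader (C2 framework)",
    "92[.]174[.]231[.]127": "Brambul (Worm)",
    "15[.]204[.]2[.]168": "Kryptik (Backdoor)",
}

# Common defanging styles: 1[.]2[.]3[.]4, 1(.)2(.)3(.)4, 1{.}2{.}3{.}4, "1 . 2 . 3 . 4"
_DEFANG_DOT = re.compile(r"\s*(?:\[\.\]|\(\.\)|\{\.\}|\s\.\s)\s*")


def refang(ioc: str) -> ipaddress.IPv4Address:
    """Return the routable address for a defanged IPv4 indicator.

    Raises ValueError if the result is not a valid IPv4 address, so a mangled
    indicator fails loudly instead of silently becoming a no-op rule.
    """
    return ipaddress.IPv4Address(_DEFANG_DOT.sub(".", ioc.strip()))


def build_blocklist(defanged: dict) -> dict:
    """Map IPv4Address -> label for every indicator in the table."""
    return {refang(ioc): label for ioc, label in defanged.items()}


# Match a dotted quad only when it is not embedded in a longer digit/dot run,
# so 15.204.2.168 is not reported inside 115.204.2.168 or 15.204.2.1680.
_IPV4_TOKEN = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_hits(log_lines, blocklist):
    """Return (line_number, ip, label) for each log line touching a listed IP."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for token in _IPV4_TOKEN.findall(line):
            try:
                ip = ipaddress.IPv4Address(token)
            except ValueError:  # e.g. 999.1.1.1 looks like a quad but is not one
                continue
            if ip in blocklist:
                hits.append((n, str(ip), blocklist[ip]))
    return hits


def nft_block_set(blocklist, table="inet filter", setname="augur_feb") -> str:
    """Render nftables commands creating a set of the listed addresses.

    Assumes the table already exists; reference the set from a drop rule, e.g.
    'ip daddr @augur_feb drop' and 'ip saddr @augur_feb drop'.
    """
    elems = ", ".join(sorted(str(ip) for ip in blocklist))
    return (
        f"add set {table} {setname} {{ type ipv4_addr; }}\n"
        f"add element {table} {setname} {{ {elems} }}"
    )


# Constructed log lines for illustration (not real telemetry). Line 2 carries a
# superstring of a listed IP and must not match; 203.0.113.25 is documentation space.
SAMPLE_LOGS = [
    "2026-02-03T10:14:02Z fw deny src=10.20.4.17 dst=15.204.2.168 dport=443 proto=tcp",
    "2026-02-03T10:14:05Z fw allow src=10.20.4.17 dst=115.204.2.168 dport=443 proto=tcp",
    "2026-02-03T10:15:11Z proxy GET http://80.65.222.11/update.bin client=10.20.9.3",
    "2026-02-03T10:16:40Z fw allow src=10.20.4.17 dst=203.0.113.25 dport=443 proto=tcp",
]

if __name__ == "__main__":
    bl = build_blocklist(DEFANGED_IOCS)
    for n, ip, label in find_hits(SAMPLE_LOGS, bl):
        print(f"line {n}: {ip} -> {label}")
    print(nft_block_set(bl))
```

Validating with ipaddress rather than trusting the regex alone matters for both halves: a typo in a copied indicator raises instead of producing a rule that blocks nothing, and a quad like 999.1.1.1 in a log line is skipped rather than compared as a string.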

Augur Highlights

Over the past few months, Augur has uncovered IPs and domains that were later leveraged in high-profile attacks, including the recent Salesforce/Salesloft breach, the SharePoint exploitation campaign, and the attacks targeting Taiwan's semiconductor sector.

Attack                       Threat Group(s)                                              Lead Time
Salesforce/Salesloft         UNC6040, UNC6395                                             212 days
SharePoint Exploit           Storm-2603, Violet Typhoon (AKA APT31), Linen Typhoon (AKA APT27)   360+ days
Taiwan Semiconductor Sector  UNK_FistBump, UNK_DropPitch                                  360+ days

Not every IP we uncover ends up in the headlines, but the overwhelming majority of the IPs and domains we identify are ultimately weaponized by threat actors to launch real-world attacks.

How Does Augur Work?

Augur uses ML-powered behavioral modeling to detect the buildup of cybercriminal infrastructure online before the attacks that use it are launched. We identify thousands of malicious IPs, IP ranges, and domains every month. Augur identifies threats on average 60 days before they are first reported by traditional sources. Our predictions are highly accurate, with a near-zero false-positive rate (0.01%), providing organizations using Augur with preemptive protection against cyberattacks, zero-days, and novel threats.

The Augur Difference. Let Us Prove It To You.

Experience firsthand the benefits of preemptive cyber defense with a quick proof of value (POV). We can have you up and running in less than a day, and after 30 days, get an Augur report detailing:

  • Threats Augur identified
  • Advance warning timelines
  • Data-driven insight on alert reduction and improved SOC efficiency

Click here to talk to an Augur specialist now.