How Attackers Use Shodan & FOFA by Lucie Cardiet

This report details how attackers use internet metadata search engines (Shodan, FOFA, ZoomEye) to enumerate exposed devices and services, then pursue credential brute-force and CVE-driven exploitation (highlighting CVE-2024-23897 against Jenkins) to achieve initial access—using Black Basta as an example—and describes how Vectra AI detects related anomalous behavior to disrupt these attack chains.