Postgres Rce With Superuser Persistence And Capability Suppression

Represents an advanced PostgreSQL compromise chain where an attacker achieves OS command execution via COPY ... FROM PROGRAM, establishes persistent administrative access by creating a new superuser role, and then deliberately revokes the pg_execute_server_program privilege from the default postgres role.

Observed IPs

Avg Confidence

100%

Severity

critical

Top IPs by event countPOSTGRES

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
212.113.98.30	100%	14,038	3,292	🇷🇺 RU	AS206134	2026-03-02
178.250.186.28	99%	11,101	2,009	🇷🇺 RU	AS207957	2026-02-24
157.230.55.143	100%	6,821	2,907	🇺🇸 US	AS14061	2026-03-02
164.90.155.248	100%	6,777	2,810	🇺🇸 US	AS14061	2026-03-02
157.230.250.115	100%	6,686	2,858	🇸🇬 SG	AS14061	2026-03-02
144.217.252.80	100%	6,544	2,785	🇨🇦 CA	AS16276	2026-03-02
143.198.94.28	100%	6,511	2,914	🇸🇬 SG	AS14061	2026-03-02
209.15.110.13	100%	6,489	2,860	🇹🇭 TH	AS135566	2026-03-02
103.81.100.222	100%	6,466	2,755	🇮🇩 ID	AS58475	2026-03-02
77.222.63.226	100%	6,441	2,843	🇷🇺 RU	AS44112	2026-03-02
103.236.108.25	100%	6,419	2,846	🇮🇳 IN	AS132925	2026-03-02
167.172.104.27	100%	6,409	2,801	🇩🇪 DE	AS14061	2026-03-02
62.217.122.251	100%	6,391	2,829	🇬🇷 GR	AS5408	2026-03-02
137.184.65.234	100%	6,335	2,759	🇺🇸 US	AS14061	2026-03-02
91.90.213.175	100%	6,278	2,852	🇷🇺 RU	AS57487	2026-03-02
45.55.174.23	100%	6,272	2,822	🇺🇸 US	AS14061	2026-03-02
128.199.197.130	100%	6,268	2,852	🇸🇬 SG	AS14061	2026-03-02
83.212.174.61	100%	6,262	2,823	🇬🇷 GR	AS5408	2026-03-02
165.227.211.162	100%	6,232	2,825	🇺🇸 US	AS14061	2026-03-02
209.15.110.23	100%	6,203	2,867	🇹🇭 TH	AS135566	2026-03-02