Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with almost 24,000 unique IP addresses attempting to access these portals.
“This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation,” threat intelligence firm GreyNoise said.
The surge is said to have commenced on March 17, 2025, sustaining at almost 20,000 unique IP addresses per day before dropping off on March 26. At its peak, 23,958 unique IP addresses are estimated to have participated in the activity. Of those, only a smaller subset of 154 IP addresses has been flagged as malicious.
The United States and Canada have emerged as the top sources of traffic, followed by Finland, the Netherlands, and Russia. The activity has primarily targeted systems in the USA, the UK, Ireland, Russia, and Singapore.
It is currently not clear what is driving the activity, but it points to a systemic approach to testing network defenses, which could likely pave the way for later exploitation.
“Over the past 18 to 24 months, we have observed a consistent pattern of deliberate targeting of older vulnerabilities or well-worn attack and reconnaissance attempts against specific technologies,” Bob Rudis, VP of Data Science at GreyNoise, said. “These patterns often coincide with new vulnerabilities emerging 2 to 4 weeks later.”
In light of the unusual activity, it is imperative that organizations with internet-facing Palo Alto Networks instances take steps to secure their login portals.
The Hacker News has reached out to Palo Alto Networks for further comment, and we will update the story if we hear back.