Cybersecurity researchers are warning of a spike in suspicious login scanning exercise focusing on Palo Alto Networks PAN-OS GlobalProtect gateways, with almost 24,000 distinctive IP addresses making an attempt to entry these portals.
“This sample suggests a coordinated effort to probe community defenses and determine uncovered or susceptible techniques, probably as a precursor to focused exploitation,” menace intelligence agency GreyNoise stated.
The surge is alleged to have commenced on March 17, 2025, sustaining at almost 20,000 distinctive IP addresses per day earlier than dropping off on March 26. At its peak, 23,958 distinctive IP addresses are estimated to have participated within the exercise. Of those, solely a smaller subset of 154 IP addresses has been flagged as malicious.
The US and Canada have emerged as the highest sources of site visitors, adopted by Finland, the Netherlands, and Russia. The exercise has primarily focused techniques in the USA, the UK, Eire, Russia, and Singapore.
It is at the moment not clear what’s driving the exercise, nevertheless it factors to a systemic method to testing community defenses, which may possible pave the best way for later exploitation.
“Over the previous 18 to 24 months, we have noticed a constant sample of deliberate focusing on of older vulnerabilities or well-worn assault and reconnaissance makes an attempt towards particular applied sciences,” Bob Rudis, VP of Data Science at GreyNoise, stated. “These patterns typically coincide with new vulnerabilities rising 2 to 4 weeks later.”
In mild of the bizarre exercise, it is crucial that organizations with internet-facing Palo Alto Networks situations take steps to safe their login portals.
The Hacker Information has reached out to Palo Alto Networks for additional remark, and we are going to replace the story if we hear again.
