Suspicious Activity
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. The activity started on December 2nd and originated from more than 7,000 IP addresses from infrastructure operated by the German IT company 3xK GmbH, which runs its own BGP network (AS200373) and operates as […]
GlobalProtect VPN portals probed with 2.3 million scan sessions
Malicious scanning activity targeting Palo Alto Networks GlobalProtect VPN login portals has increased 40 times in 24 hours, indicating a coordinated campaign. Real-time intelligence company GreyNoise reports that activity began climbing on November 14 and hit its highest level in 90 days within a week. “GreyNoise has identified a significant escalation in malicious activity targeting Palo Alto […]
Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans
A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. According to GreyNoise, which reports the activity, the scanning activity involves over 24,000 unique source IP addresses. The activity peaked at 20,000 unique IP […]