Palo Alto Networks has revealed that it is observing brute-force login makes an attempt in opposition to PAN-OS GlobalProtect gateways, days after risk hunters warned of a surge in suspicious login scanning exercise concentrating on its home equipment.
“Our groups are observing proof of exercise per password-related assaults, reminiscent of brute-force login makes an attempt, which doesn’t point out exploitation of a vulnerability,” a spokesperson for the corporate informed The Hacker Information. “We proceed to actively monitor this case and analyze the reported exercise to find out its potential influence and establish if mitigations are essential.”
The event comes after risk intelligence agency GreyNoise alerted of a spike in suspicious login scanning exercise geared toward PAN-OS GlobalProtect portals.
The corporate additional famous that the exercise commenced on March 17, 2025, hitting a peak of 23,958 distinctive IP addresses earlier than dropping off in the direction of the tip of final month. The sample signifies a coordinated effort to probe community defenses and establish uncovered or weak methods.
The login scanning exercise has primarily singled out methods in the US, the UK, Eire, Russia, and Singapore.
It is presently not identified how widespread these efforts are and if they’re the work of any particular risk actor at this stage. The Hacker Information has reached out to Palo Alto Networks for extra feedback, and we’ll replace the story if we hear again.
Within the interim, all clients are inspired to make sure that they’re working the newest variations of PAN-OS. Different mitigations embody implementing multi-factor authentication (MFA), configuring GlobalProtect to facilitate MFA notifications, organising safety insurance policies to detect and block brute-force assaults, and limiting pointless publicity to the web.