Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans

Summary: A significant spike in scanning activity targeting Palo Alto Networks GlobalProtect login portals has been reported, suggesting a possible upcoming attack or exploitation of vulnerabilities. The activity peaked with over 20,000 unique IP addresses per day and may indicate reconnaissance before the disclosure of flaws. Network administrators are advised to enhance their monitoring and defense mechanisms against potential threats.

Affected: Palo Alto Networks, GlobalProtect login portals

Keypoints:

  • Over 24,000 unique source IP addresses involved; 23,800 classified as suspicious.
  • Scanning activity peaked on March 17, 2025, and could be linked to preparatory reconnaissance efforts.
  • Most of the activity originates from the U.S. and Canada; administrators are warned to increase vigilance.
  • GreyNoise recommends reviewing logs for signs of compromise and hardening login portals.

Source: https://www.bleepingcomputer.com/news/security/nearly-24-000-ips-behind-wave-of-palo-alto-global-protect-scans/
