Cybersecurity researchers warn about a spike in a suspicious login focused on Palo Alto Networks Pan-Os GlobalProt GateWays, with almost 24,000 unique IPs trying to access these portals.
“This picture suggests that the concerted efforts to check the protection of the network and the detection of exposed or vulnerable systems, potentially as a predecessor of purposeful operation”, “threatened intelligence firm Greynoise – Note.
It is said that the overstretch began on March 17, 2025, supporting almost 20,000 unique IPs a day before being rejecting on March 26. At the peak of 23 958 unique IP -ses, they estimate, participated in the activities. Of these, only a smaller subset of 154 IP was designated as malicious.
The United States and Canada came out as the main sources of the movement, followed by Finland, the Netherlands and Russia. Activities are primarily aimed at systems in the US, UK, Ireland, Russia and Singapore.
It is currently unclear what drives the activity but indicates a systematic approach to network protection testing, which can open the way for the next operation.
“Over the past 18 to 24 months, we have observed a consistent picture of the purposeful targeting of old vulnerabilities or well-worn attacks and intelligence attempts against specific technologies,” said Bob Rudis, Vice President of Greynoise Science. “These samples often coincide with new vulnerabilities that occur from 2 to 4 weeks.”
In light of the unusual activity, it is very important that the organizations that have been released on the Palo Alto online network are taking measures to ensure the entry portals.
The Hacker News turned to Palo Alto Networks for further comment and we will update the story when we hear back.
