DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Mass scanning of Palo Alto Networks, Cisco and Fortinet Login portals

DigitalCIO Bureau by DigitalCIO Bureau
October 13, 2025
in Tech News
0
Mass scanning of Palo Alto Networks, Cisco and Fortinet Login portals
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity intelligence firm GreyNoise has observed an alarming increase in scanning activity against network equipment from major vendors in recent days. Scanning of Palo Alto Networks login portals has increased by approximately 500% in 48 hours, the highest level in 90 days. This pattern of targeted reconnaissance exercises is now associated with a high degree of certainty with similar escalations against Cisco ASA devices and Fortinet SSL VPNs.

The findings indicate that the same threat actors are behind a coordinated series of attacks targeting vulnerable login portals of critical network infrastructure.

Starting October 3rd, GreyNoise noticed a sharp increase in the number of unique IP addresses scanning Palo Alto Networks PAN-OS GlobalProtect login portals. On October 7th, activity peaked at over 2,200 unique IP addresses.

On October 8, GreyNoise confirmed the correlation between three recent campaigns:

Scanning Cisco ASA devices.

Increased login attempts against Palo Alto login portals.

A spike in brute force attempts against Fortinet SSL VPNs.

This link is supported by a recurring fingerprint (shared TCP fingerprints), the use of the same subnets, and the simultaneous escalation of activities. The most frequently used subnets are linked to AS200373 (3xK Tech GmbH) and AS11878 (tzulo, Inc.).

Increased risk of zero-day vulnerabilities

The increased scanning is particularly concerning given previous observations by GreyNoise. Previous research in July indicated that spikes in brute force attempts against Fortinet VPNs are often followed by the public disclosure of new Fortinet VPN vulnerabilities within six weeks. While such a correlation has not yet been proven in Palo Alto, the current escalation calls for increased vigilance from defenders.

Furthermore, the rapid succession of login attempts against Palo Alto suggests that threat actors are attempting to test a large data set of stolen or leaked credentials.

Call for defense teams

Defense teams are strongly advised to immediately tighten their firewall and VPN security. This activity is classified as targeted reconnaissance and is clearly distinct from routine background scanning.

Organizations can take preventive measures by:

Instantly block IPs involved in Fortinet VPN brute forcing and Palo Alto scanning.

Implement additional layers of defense given the coordinated nature of the attacks across different technology platforms.

GreyNoise has published a list of usernames and passwords used in recent Palo Alto and Fortinet campaigns for defense teams to review. Threat actors appear to be broadening their focus, given the increase in unique autonomous systems (ASNs) involved in the scans.

Tags: GreyNoise
Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Tech Mahindra Partners with Fortinet to Launch Managed SASE Solutions for Secured Digital Transformation

by DigitalCIO Bureau
April 21, 2026
0
Tech Mahindra Partners with Fortinet to Launch Managed SASE Solutions for Secured Digital Transformation

Tech Mahindra has announced a partnership with Fortinet to deliver a Managed Secure Access Service Edge (SASE) solution, aimed at enabling enterprises worldwide achieve secure and scalable digital...

Read moreDetails

Polycab India Appoints Pradipta Patro as CISO & VP – Data Privacy

by DigitalCIO Bureau
April 21, 2026
0
Polycab India Appoints Pradipta Patro as CISO & VP – Data Privacy

Polycab India Ltd., has appointed Pradipta Patro as its Chief Information Security Officer (CISO) and Vice President – Data Privacy. The move underscores the company’s continued focus on...

Read moreDetails

Abhinav Pratap Singh Elevated to Executive Director at PwC India

by DigitalCIO Bureau
April 20, 2026
0
Abhinav Pratap Singh Elevated to Executive Director at PwC India

PwC India has elevated senior consulting leader Abhinav Pratap Singh to the role of Executive Director, strengthening its finance and tax transformation advisory capabilities in the country. In...

Read moreDetails

Palo Alto Networks Announced the Completion of its Acquisition of Koi

by DigitalCIO Bureau
April 20, 2026
0
Palo Alto Networks Announced the Completion of its Acquisition of Koi

Palo Alto Networks has completed its acquisition of Koi, introducing Agentic Endpoint Security (AES) to protect against expanding AI-driven risks on enterprise endpoints. Announced by Palo Alto Networks,...

Read moreDetails

NetApp Teams Up with Google Cloud to Strengthen Data Infrastructure for Distributed Cloud

by DigitalCIO Bureau
April 17, 2026
0
NetApp Teams Up with Google Cloud to Strengthen Data Infrastructure for Distributed Cloud

NetApp announced a 4‑year Enterprise Agreement with Google Cloud to accelerate deployment of NetApp storage solutions within Google Distributed Cloud air‑gapped, Google’s sovereign cloud platform delivered in partnership...

Read moreDetails
Next Post
Visakhapatnam’s First 50 MW AI Edge Data Center Foundation Laid

Visakhapatnam's First 50 MW AI Edge Data Center Foundation Laid

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

VTEX Partners with Vinculum to Elevate Customer Experience in India

Tata Electronics & Synopsys To Accelerate Customer Product Design And Ramp For India’s First Fab

June 26, 2024
Zimperium Uncovers SarangTrap Malware Threat

Zimperium Uncovers SarangTrap Malware Threat

July 24, 2025
Veeam Launches Kasten V7.0 to Drive Cyber Resilience and Innovation

Veeam Launches Kasten V7.0 to Drive Cyber Resilience and Innovation

May 8, 2024

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud IBM Infographics Infosys Internet of Things (IoT) Kaspersky Microsoft NTT DATA NVIDIA Palo Alto Networks Panel Discussion Qlik Salesforce Sophos Tata Consultancy Services TCS Tenable Trend Micro Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?