Hackers on the Hunt: Palo Alto Networks GlobalProtect Under Siege!

Watch out, GlobalProtect users! Threat actors are practicing their best “sneak attack” moves by probing over 24,000 IP addresses. GreyNoise warns that these cyber ninjas are gearing up for a possible exploitation party, with most attacks coming from the US. Time to lock your digital doors and keep those logs on speed dial!

3P
Published: April 1, 2025 3:38 pmAdded: April 1, 2025 at 8:59 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like hackers are taking a virtual road trip with a pitstop at Palo Alto Networks – but I doubt they’re there for the scenic views. It’s more like a cyber scavenger hunt, and GlobalProtect just happens to be their treasure map. Time for IT teams to put the pedal to the metal on security patches!

Key Points:

  • 24,000+ IPs are probing Palo Alto Networks’ GlobalProtect portals for vulnerabilities.
  • Activity spiked in March with 20,000 daily login scans detected.
  • The majority of the probing IPs are from the US, followed by Canada.
  • 3xK Tech GmbH and other hosting services are linked to this activity.
  • Organizations are advised to review logs for signs of compromise.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?