
Ongoing attack campaign sets sights on Palo Alto Networks GlobalProtect portals, SonicWall APIs


Attempts to infiltrate Palo Alto GlobalProtect portals and scans of SonicWall SonicOS API endpoints have been underway since Dec. 2 as part of a dual campaign, according to Security Affairs.

More than 7,000 IP addresses linked to German hosting provider 3xK GmbH have sought to log in to GlobalProtect portals, with the attack traffic recycling a trio of client fingerprints previously observed in attacks between late September and mid-October, reported GreyNoise researchers. Such fingerprints were also evident in the surge of SonicWall SonicOS API scans on Dec. 3, indicating similar tooling.

Network defenders have been advised not only to track atypical velocity or persistent failures on authentication surfaces but also to monitor recurring client fingerprints while implementing "dynamic" and "context-aware" blocking to better protect their systems from potential compromise.

"Fingerprint-level telemetry exposes cross-infrastructure relationships that defenders might otherwise miss," said GreyNoise.
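The monitoring advice above can be sketched as a short detection routine; this is an added example, not code from GreyNoise or Security Affairs. The event layout, the thresholds and the function name `analyze` are assumptions, and the sample events are constructed with documentation-range IPs and placeholder fingerprint labels.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed portal login events: (timestamp, source IP, client fingerprint, outcome).
# IPs come from documentation ranges; fingerprint labels are placeholders.
EVENTS = [
    ("2025-01-01T10:00:00", "198.51.100.10", "fp-A", "fail"),
    ("2025-01-01T10:07:00", "198.51.100.11", "fp-A", "fail"),
    ("2025-01-01T10:15:00", "198.51.100.12", "fp-A", "fail"),
    ("2025-01-01T10:31:00", "203.0.113.5", "fp-A", "fail"),
    ("2025-01-01T10:40:00", "198.51.100.10", "fp-A", "fail"),
    ("2025-01-01T11:00:00", "192.0.2.50", "fp-B", "fail"),
    ("2025-01-01T11:00:20", "192.0.2.50", "fp-B", "fail"),
    ("2025-01-01T11:00:40", "192.0.2.50", "fp-B", "fail"),
    ("2025-01-01T11:01:00", "192.0.2.50", "fp-B", "fail"),
    ("2025-01-01T11:05:00", "192.0.2.77", "fp-C", "success"),
]

def analyze(events, window=timedelta(minutes=5), max_per_window=3,
            min_ips=3, min_fail_ratio=0.9):
    """Return (IPs exceeding the attempt rate, fingerprints reused across failing IPs)."""
    by_ip = defaultdict(list)
    by_fp = defaultdict(lambda: {"ips": set(), "fail": 0, "total": 0})
    for ts, ip, fp, outcome in events:
        by_ip[ip].append(datetime.fromisoformat(ts))
        stats = by_fp[fp]
        stats["ips"].add(ip)
        stats["total"] += 1
        stats["fail"] += outcome == "fail"

    # Velocity: more than max_per_window attempts from one IP inside a sliding window.
    fast_ips = set()
    for ip, times in by_ip.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 > max_per_window:
                fast_ips.add(ip)
                break

    # Recurring fingerprint: same client fingerprint, many sources, almost all failures.
    shared = {fp: sorted(s["ips"]) for fp, s in by_fp.items()
              if len(s["ips"]) >= min_ips and s["fail"] / s["total"] >= min_fail_ratio}
    return fast_ips, shared

if __name__ == "__main__":
    fast, shared = analyze(EVENTS)
    print("high-velocity IPs:", sorted(fast), "| reused fingerprints:", shared)
```

In the sample data, the sources sharing `fp-A` each stay under the per-IP rate limit, so only the fingerprint grouping ties them together.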
