Latest Cyber Security News

You are here: Home / General Cyber Security News / Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
April 11, 2025

Palo Alto Networks has revealed that it’s observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances.

“Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a vulnerability,” a spokesperson for the company told The Hacker News. “We continue to actively monitor this situation and analyze the reported activity to determine its potential impact and identify if mitigations are necessary.”

The development comes after threat intelligence firm GreyNoise alerted of a spike in suspicious login scanning activity aimed at PAN-OS GlobalProtect portals.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The company further noted that the activity commenced on March 17, 2025, hitting a peak of 23,958 unique IP addresses before dropping off towards the end of last month. The pattern indicates a coordinated effort to probe network defenses and identify exposed or vulnerable systems.

The login scanning activity has primarily singled out systems in the United States, the United Kingdom, Ireland, Russia, and Singapore.

It’s currently not known how widespread these efforts are and if they are the work of any specific threat actor at this stage. The Hacker News has reached out to Palo Alto Networks for additional comments, and we will update the story if we hear back.

In the interim, all customers are encouraged to ensure that they are running the latest versions of PAN-OS. Other mitigations include enforcing multi-factor authentication (MFA), configuring GlobalProtect to facilitate MFA notifications, setting up security policies to detect and block brute-force attacks, and limiting unnecessary exposure to the internet.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *