Hackers Actively Exploiting Cisco and Palo Alto VPN Gateways to Gain Login Access

Cybersecurity researchers at GreyNoise have uncovered a large-scale, coordinated campaign targeting enterprise VPN authentication systems.

The attackers are systematically attempting to breach Cisco SSL VPN and Palo Alto Networks GlobalProtect services through credential-based attacks rather than exploiting specific vulnerabilities.

The campaign activity was observed in mid-December over a concentrated two-day period, indicating a sophisticated approach to compromising enterprise access points.

Attack Campaign Unfolds

The campaign began on December 11 when GreyNoise detected a massive spike in automated login attempts targeting Palo Alto Networks GlobalProtect portals.

The attackers generated approximately 1.7 million login sessions within just 16 hours, originating from more than 10,000 unique IP addresses.

The attack traffic targeted GlobalProtect portals primarily located in the United States, Pakistan, and Mexico, with all requests originating from…