Hackers have dramatically increased their attacks on Palo Alto Networks’ GlobalProtect VPN since mid-November 2025, with 2.3 million malicious sessions noted. The escalation represents a 40-fold rise in activity within a day, marking the highest level recorded in the past 90 days. The majority of these attacks focus on brute-force login attempts against the /global-protect/login.esp URI, raising alarms about vulnerabilities in widely used remote access systems. Previous campaigns linked to these attackers demonstrate coordinated tactics and patterns, indicating a potentially state-sponsored operation.
GreyNoise researchers have identified key indicators, including overlapping threat actors and shared infrastructure, with 62% of the attack sessions traced back to a German company, 3xK Tech GmbH. This infrastructure, combined with geographical targeting of the United States, Mexico, and Pakistan, reflects a sophisticated approach to exploiting remote access vulnerabilities. Notably, past spikes in similar attacks often precede critical vulnerability disclosures within a six-week timeframe, suggesting that organizations urgently need to strengthen their security posture.
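For defenders who want to check their own portal for the pattern described above, the following added example (not from the original article or from GreyNoise) counts POSTs to /global-protect/login.esp per day and flags days that jump by a chosen factor over the median of earlier days. It assumes combined-format access logs from a proxy in front of the portal; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

LOGIN_URI = "/global-protect/login.esp"  # URI named in the article
# Assumption: combined-log-format lines from a reverse proxy in front of the portal.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
)

def parse_login_attempts(lines):
    """Yield (date, source_ip) for each POST to the GlobalProtect login URI."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != LOGIN_URI:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.date(), m["ip"]

def find_surges(lines, factor=40, min_baseline=1):
    """Return [(day, count, baseline, top_sources)] for days whose attempt count is
    at least `factor` times the median of earlier days (factor is a tunable assumption)."""
    per_day, per_day_ip = Counter(), defaultdict(Counter)
    for day, ip in parse_login_attempts(lines):
        per_day[day] += 1
        per_day_ip[day][ip] += 1
    surges, history = [], []
    for day in sorted(per_day):
        if history:
            baseline = max(median(history), min_baseline)
            if per_day[day] >= factor * baseline:
                surges.append((day, per_day[day], baseline, per_day_ip[day].most_common(3)))
        history.append(per_day[day])
    return surges

def sample_lines():
    """Constructed log lines (documentation-range IPs): three quiet days, one surge day."""
    fmt = '{ip} - - [{d:02d}/Nov/2025:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512'
    lines = []
    for d in (10, 11, 12):  # quiet days: 2 attempts each
        lines += [fmt.format(ip="198.51.100.7", d=d, s=s, m="POST", p=LOGIN_URI) for s in range(2)]
    lines += [fmt.format(ip="203.0.113.5", d=13, s=s, m="POST", p=LOGIN_URI) for s in range(50)]
    lines += [fmt.format(ip="192.0.2.9", d=13, s=s, m="POST", p=LOGIN_URI) for s in range(30)]
    lines.append(fmt.format(ip="192.0.2.9", d=13, s=1, m="GET", p="/index.html"))  # ignored
    return lines
```

The `top_sources` field lists the busiest source addresses on a flagged day, which is where to start when deciding what to rate-limit or block.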
👉 Read the original: Cyber Security News