Following threat actors ‘ warnings about a rise in dubious password scanning activity aimed at its equipment, Palo Alto Networks has revealed that it is observing brute-force login attempts against PAN-OS GlobalProtect gates.
Our teams are observing proof of password-related attacks, such as brute-force registration attempts, which does not suggest the vulnerability was exploited, according to a company director who spoke to The Hacker News. ” We continue to constantly monitor this situation, examine the activity reported, and determine whether mitigations are needed.”
The development comes after Grey Noise, a provider of menace intelligence, received a warning about a rise in dubious login scanning exercise aimed at PAN-OS GlobalProtect portals.
The exercise started on March 17, 2025, with a maximum of 23, 958 special Internet names, before dropping off toward the end of last month. The routine hints at a coordinated effort to identify resilient or exposed network defenses.
The United States, the UK, Ireland, Russia, and Singapore have mostly been identified by the registration scanning activity.
At this time, it’s unknown how widespread these efforts are and whether any particular risk artist is behind them. We will update the account if we hear back from The Hacker News and have reached out to Palo Alto Networks for more feedback.
In the interim, all users are advised to check that they are running the most recent PAN-OS versions. Other mitigations include enforcing multi-factor authentication ( ), setting up to detect and , and limiting unnecessarily exposed to the internet.