TTPwire Vol. 1 · MITRE ATT&CK·Tagged


GreyNoise

Coordinated Credential-Based Campaign Targets Cisco and Palo Alto Networks VPN Gateways

2025-12-17

ATT&CK techniques detected

5 predictions
T1110 Brute Force
86%
“on 12 december, greynoise observed a sharp surge in opportunistic bruteforce login attempts targeting cisco ssl vpn endpoints. daily unique attacking ips rose from a typical baseline of fewer than 200 to 1,273 ips, representing a significant deviation from normal activity. the m…”
T1110 Brute Force
81%
“cisco ssl vpn bruteforcer attacks new users can try greynoise block free for 14-days. greynoise will continue monitoring this activity and make updates as necessary. — — — stone is head of content at greynoise intelligence, where he leads strategic content programs that transla…”
T1110 Brute Force
58%
“##l vpn bruteforce activity sourced from 3xk infrastructure and marks the first time in the past 12 weeks that 3xk-hosted ips have been deployed at scale against cisco ssl vpn portals. observed request bodies indicate automated credential-based authentication attempts rather …”
T1110.003 Password Spraying
53%
“##l vpn bruteforce activity sourced from 3xk infrastructure and marks the first time in the past 12 weeks that 3xk-hosted ips have been deployed at scale against cisco ssl vpn portals. observed request bodies indicate automated credential-based authentication attempts rather …”
T1078 Valid Accounts
33%
“coordinated credential-based campaign targets cisco and palo alto networks vpn gateways greynoise is tracking a coordinated, automated credential-based campaign targeting enterprise vpn authentication infrastructure, with activity observed against cisco ssl vpn and palo alto …”

Summary

GreyNoise is tracking a coordinated, automated credential-based campaign targeting enterprise VPN authentication infrastructure, with activity observed against Cisco SSL VPN and Palo Alto Networks GlobalProtect services.