TTPwire Vol. 1 · MITRE ATT&CK·Tagged

GreyNoise

9X Surge in Ivanti Connect Secure Scanning Activity

2025-04-23

ATT&CK techniques detected

3 predictions
T1588.006 Vulnerabilities
48%
“9x surge in ivanti connect secure scanning activity may 20, 2025 update : our april 23 report highlighted a sharp surge in scanning activity targeting ivanti connect secure and pulse secure products. just weeks later, two zero - day vulnerabilities were disclosed in ivanti epmm —…”
T1595.002 Vulnerability Scanning
37%
“9x surge in ivanti connect secure scanning activity may 20, 2025 update : our april 23 report highlighted a sharp surge in scanning activity targeting ivanti connect secure and pulse secure products. just weeks later, two zero - day vulnerabilities were disclosed in ivanti epmm —…”
T1090.003 Multi-hop Proxy
34%
“##s ) vpn systems. more than 230 unique ips probed ics / ips endpoints — a sharp rise from the usual daily baseline of fewer than 30. this surge may indicate coordinated reconnaissance and possible preparation for future exploitation. what we ’ re seeing greynoise has a tag track…”

Summary

GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure or Ivanti Pulse Secure VPN systems. More than 230 unique IPs probed ICS/IPS endpoints. This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.