Massive Brute Force Attack Using 2.8 Million IPs Targets Networking Devices
Reading Time: 3 Minutes
A large-scale brute force attack is underway, attempting to guess login credentials for networking devices from Palo Alto Networks, Ivanti, and SonicWall.
Attack Overview
- Brute force attacks repeatedly attempt username-password combinations to gain unauthorized access.
- 2.8 million IP addresses are involved in this attack daily.
- The attack has been ongoing since last month, with activity recently escalating.
Top Affected Countries
- Brazil (1.1 million IPs)
- Turkey
- Russia
- Argentina
- Morocco
- Mexico
- Many more countries are also participating.
Targeted Devices
- Firewalls, VPNs, and security appliances exposed to the internet for remote access.
- Routers and IoT devices commonly hijacked by malware botnets, including:
- MikroTik
- Huawei
- Cisco
- Boa
- ZTE
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
How Attackers Operate
- The attacks come from multiple networks and Autonomous Systems, likely controlled by a botnet or residential proxy networks.
- Residential proxies route traffic through home users’ IPs, making attacks harder to detect.
- Compromised gateway devices may be used as proxy exit nodes, allowing cybercriminals to:
- Bypass security measures
- Launch further attacks from trusted enterprise networks
Protection Measures
- Change default admin credentials to strong, unique passwords.
- Enable multi-factor authentication (MFA) where possible.
- Restrict access by creating an allowlist of trusted IPs.
- Disable unnecessary web admin interfaces to reduce exposure.
- Apply firmware and security updates to patch known vulnerabilities.
Previous Warnings
- April 2024: Cisco warned of brute-force attacks targeting Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices.
- December 2024: Citrix warned of password spray attacks on Citrix Netscaler devices worldwide.
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials and Bypass MFA
Python PyPI Supply Chain Attack: Hackers Hide Malware in Fake DeepSeek Packages
WhatsApp Exposes Zero-Click Exploit Spyware Campaign Linked to Israeli Firm Paragon
New ‘Browser Syncjacking’ Attack Uses Chrome Extensions for Full Device Takeover
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
