Coordinated Cyberattack Campaign Targets Major Network Security Vendors

GreyNoise uncovers a major campaign targeting Cisco, Fortinet, and Palo Alto devices with escalating scanning activity hinting at upcoming vulnerabilities.

By Content Team

Oct 10, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

GreyNoise has uncovered a coordinated campaign targeting Cisco, Fortinet, and Palo Alto Networks devices, with attackers using IPs from the same subnets. The firm detected scanning attempts against Cisco ASA devices in September, weeks before two zero-day vulnerabilities were disclosed. These bugs, scoring up to 9.9 on the CVSS scale, were linked to China-based hackers in the ArcaneDoor espionage campaign.

Scanning activity against Palo Alto Networks firewalls spiked 500% over two days, involving 2,200 unique IPs and generating over 1.3 million login attempts. GreyNoise warns that similar spikes typically precede vulnerability disclosures within six weeks, with roughly 80% accuracy for major firewall and VPN vendors.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

ICO Says Sultana's Unauthorised Party Launch May Be Criminal Matter for Police

Jan 10, 2026

Python Repositories Hit by Sophisticated Malware Campaign Using Stolen VS Code Credentials

Mar 17, 2026

France's Post Office Hit by Cyber-Attack Three Days Before Christmas

Dec 23, 2025

Conduent Data Breach Exposes Nearly 17,000 Volvo Group Employees' Personal Information

Feb 15, 2026