25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
97%
"exploited vulnerabilities (KEV) catalog. Resurgent brute force attacks against Cisco SSL VPNs: after investigating activity against our Cisco profiles, GreyNoise identified resurgent brute force attacks targeting Cisco SSL VPNs occurring yesterday at approximately 1:00pm EST. …"
T1588.006 Vulnerabilities
68%
"25,000 IPs scanned Cisco ASA devices — new vulnerability potentially incoming. Update: 9 October. GreyNoise identified a connection between three campaigns targeting Cisco, Palo Alto, and Fortinet firewalls and VPNs. We observed infrastructure overlap between recent Cisco ASA sca…"
T1588.006 Vulnerabilities
41%
"…s were observed scanning ASA devices. - 2,858 did not match this client signature. - Meaning roughly 14,000 of the ~17,000 IPs active that day — more than 80% — were tied to this botnet. The client signature was seen alongside a suite of closely related TCP signatures, sug…"
Summary
GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August, including more than 25,000 unique IPs in a single burst. This activity is a significant elevation above the baseline, which typically registers at less than 500 IPs per day.