Recent analysis has revealed an influx of scans targeting Juniper Networks and Palo Alto Networks devices, which may indicate cyber espionage or efforts to build a botnet. According to SANS Institute's Johannes Ullrich, scans targeting the default username 't128' were conducted from approximately 3,000 unique IPs, primarily associated with known botnets. The default configuration of Juniper's Session Smart Networking products poses risks, particularly if default passwords are not changed. Concurrently, scans for Palo Alto Networks' GlobalProtect remote access products also raised concerns, highlighting an increasing trend in cyber threats against these platforms.
The surge in scans for Juniper's default username 't128' indicates possible attempts at espionage, botnet construction, or vulnerability exploitation, with thousands of IPs involved.
Many of the sources involved in the scans are known for scanning the Secure Shell (SSH) protocol and are likely part of a 'Mirai Type' botnet associated with aspiring cybercriminals.
Ullrich emphasized the importance of not using default passwords for Juniper devices, as they remain a significant risk factor for compromised configurations.
GreyNoise noted large-scale probing of Palo Alto Networks' GlobalProtect products, likely by anonymous scanners looking for exposed vulnerabilities, with nearly 24,000 unique IP addresses involved.
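For the 't128' scans described above, a defender can check SSH authentication logs for both probes and, more importantly, successful password logins against the default account. The following is an added example, not code from SANS, GreyNoise or Juniper; it assumes standard OpenSSH sshd syslog messages, and the hostnames, timestamps and documentation-range IP addresses in the sample log are constructed.

```python
import re
from collections import defaultdict

WATCHED_USERS = {"t128"}  # default username named in the article

# Assumed OpenSSH sshd message formats; the syslog prefix is ignored.
PATTERNS = [
    ("probe", re.compile(r"Invalid user (\S+) from (\S+)")),
    ("probe", re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")),
    ("login", re.compile(
        r"Accepted (?:password|keyboard-interactive/pam) for (\S+) from (\S+)")),
]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Apr  2 10:00:01 edge1 sshd[1201]: Invalid user t128 from 203.0.113.5 port 51234
Apr  2 10:00:03 edge1 sshd[1201]: Failed password for invalid user t128 from 203.0.113.5 port 51234 ssh2
Apr  2 10:01:10 edge1 sshd[1207]: Failed password for t128 from 198.51.100.7 port 40022 ssh2
Apr  2 10:02:44 edge1 sshd[1215]: Invalid user admin from 203.0.113.9 port 40100
Apr  2 10:05:30 edge1 sshd[1222]: Accepted password for t128 from 198.51.100.7 port 40031 ssh2
Apr  2 10:06:00 edge1 sshd[1230]: Accepted publickey for ops from 192.0.2.10 port 50000 ssh2
"""

def summarize(lines, users=WATCHED_USERS):
    """Count failed-attempt log lines per source IP and list password logins
    for the watched default usernames."""
    probes = defaultdict(int)
    logins = []
    for line in lines:
        if "sshd" not in line:
            continue
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if not match:
                continue
            user, src = match.groups()
            if user in users:
                if kind == "probe":
                    probes[src] += 1
                else:
                    # A password login on a default account needs investigation.
                    logins.append((user, src))
            break
    return {"probe_sources": dict(probes), "password_logins": logins}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print("probe sources:", report["probe_sources"])
    print("password logins on default account:", report["password_logins"])
```

A source that appears in both lists, as 198.51.100.7 does in the sample, means a password guess against the default account eventually succeeded.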