Tags: Active Scanning, Infrastructure Reconnaissance

Feb 27, 2026 • GreyNoise Blog

Active Reconnaissance Campaign Targets SonicWall Firewalls Through Commercial Proxy Infrastructure


Source: GreyNoise Blog
Category: other
Severity: medium

Executive Summary

GreyNoise has identified a significant coordinated reconnaissance campaign targeting SonicWall SonicOS infrastructure. Over a four-day period, analysts observed more than 84,000 scanning sessions originating from rotating commercial proxy infrastructure. This activity indicates active reconnaissance aimed at identifying vulnerable firewall instances for potential subsequent exploitation. While no specific threat actor or malware family has been publicly attributed to this campaign at this time, the scale and coordination suggest organized malicious intent. Organizations using SonicWall firewalls should prioritize patching known vulnerabilities and review logs for unauthorized access attempts. Enhanced monitoring of inbound traffic from proxy networks is recommended to detect scanning activity early. Immediate mitigation involves ensuring firmware is up to date and restricting management interface access to trusted IP ranges to prevent unauthorized reconnaissance from progressing into compromise.

Summary

84,000+ scanning sessions targeting SonicWall SonicOS infrastructure in four days. GreyNoise details a coordinated reconnaissance campaign using rotating proxy infrastructure.
