There has been a significant increase in scanning activity targeting SonicWall devices, specifically looking for CVE-2021-20016 vulnerability. The activity has grown tenfold over the past 14 days, with multiple sources reporting probes related to two specific URLs. The most active IP addresses originate from the 141.98.80.0/24 subnet. The diary provides a list of indicator IP addresses involved in the scanning activity. This surge in scanning efforts highlights the ongoing threat landscape surrounding the SonicWall vulnerability, emphasizing the importance of patching and monitoring for potential exploitation attempts. Author: AlienVault
Related Tags:
sonicwall
network security
scanning
exploitation
T1595
T1133
vulnerability
T1083
T1082
Associated Indicators:
92.63.196.152
185.193.88.229
185.193.88.223
185.193.88.178
92.63.196.249