Proxy‑Based Surge Scans Target SonicWall Firewalls in Coordinated Recon Campaign
GreyNoise has identified a coordinated reconnaissance effort that leverages legitimate proxy services to flood target networks with high‑volume scan traffic aimed at SonicWall firewalls. The actors enumerate device models, firmware versions, and exposed management interfaces by issuing repeated connection attempts through diverse proxy nodes, making the traffic appear as ordinary outbound requests.
Because the scans are routed through reputable proxies, they blend with normal user traffic and can evade traditional IP‑based blocking. This stealthy approach increases the likelihood that vulnerable SonicWall devices will be profiled and later exploited. Defenders should prioritize visibility into proxy‑originated connections, enforce strict rate‑limiting on management ports, and deploy anomaly‑detection rules that flag unusual scan patterns against firewall assets.
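One way to write the anomaly rule described above, as an added example that is not from GreyNoise or the original article: because each proxy node stays under any per-IP limit, the rule counts distinct low-volume sources per firewall inside a sliding window instead. The log format, port list, thresholds and addresses (documentation ranges) are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not from the article: tune to your own environment.
MGMT_PORTS = {443, 8443}          # ports where firewall management is exposed
WINDOW = timedelta(minutes=5)     # sliding window per firewall
MIN_DISTINCT_SOURCES = 5          # fan-in threshold
MAX_HITS_PER_SOURCE = 3           # "quiet" source: under a per-IP rate limit

# Constructed sample log, one "timestamp src_ip dst_ip dst_port" per line.
SAMPLE_LOG = (
    # six sources, one attempt each, against the same firewall
    [f"2025-01-01T10:0{i}:00 203.0.113.{i + 1} 192.0.2.10 443" for i in range(6)]
    # one noisy source that a per-IP limit already catches
    + [f"2025-01-01T10:00:{i:02d} 198.51.100.7 192.0.2.20 443" for i in range(8)]
    # non-management port, ignored
    + ["2025-01-01T10:01:00 203.0.113.9 192.0.2.10 80"]
)

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_fan_in(lines):
    """Map each firewall IP to the quiet sources that together crossed the fan-in threshold."""
    windows = defaultdict(deque)   # dst_ip -> recent (timestamp, src_ip)
    alerts = defaultdict(set)
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port not in MGMT_PORTS:
            continue
        win = windows[dst]
        win.append((ts, src))
        while ts - win[0][0] > WINDOW:   # expire events older than the window
            win.popleft()
        hits = defaultdict(int)
        for _, s in win:
            hits[s] += 1
        quiet = {s for s, n in hits.items() if n <= MAX_HITS_PER_SOURCE}
        if len(quiet) >= MIN_DISTINCT_SOURCES:
            alerts[dst] |= quiet
    return {dst: sorted(srcs) for dst, srcs in alerts.items()}

if __name__ == "__main__":
    for fw, sources in detect_fan_in(SAMPLE_LOG).items():
        print(f"{fw}: {len(sources)} low-volume sources in {WINDOW}: {sources}")
```

The single noisy source in the sample raises no alert here; it is the case ordinary per-IP rate-limiting already covers.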
Categories: Threat Intelligence, SOC & Automation