Increased network scans targeting Cisco ASA devices observed
Summary
Hide ▲
Show ▼
Large-scale network scans targeting Cisco ASA devices have been detected, raising concerns about potential upcoming vulnerabilities. The scans, which began in late July and peaked in late August, involved up to 25,000 unique IP addresses probing ASA login portals and Cisco IOS Telnet/SSH. The activity was predominantly observed in the United States, UK, and Germany. The scans were largely driven by a Brazilian botnet and used overlapping Chrome-like user agents, suggesting a coordinated effort. The scans are likely reconnaissance for exploiting new or existing vulnerabilities. System administrators are advised to apply the latest security updates and enforce multi-factor authentication (MFA) for all remote ASA logins.
Timeline
-
09.09.2025 00:44 1 articles · 23d ago
Large-scale network scans targeting Cisco ASA devices observed in late August 2025
In late August 2025, large-scale network scans targeting Cisco ASA devices were detected, involving up to 25,000 unique IP addresses. The scans were primarily driven by a Brazilian botnet and focused on ASA login portals and Cisco IOS Telnet/SSH in the United States, UK, and Germany. The activity is likely reconnaissance for exploiting new or existing vulnerabilities.
Show sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
Information Snippets
-
Two significant scanning spikes were recorded in late August 2025, with up to 25,000 unique IP addresses involved.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
-
The second wave of scans on August 26, 2025, was primarily driven by a Brazilian botnet using approximately 17,000 IPs.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
-
The scans targeted the United States, UK, and Germany, focusing on ASA login portals and Cisco IOS Telnet/SSH.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
-
The scanning activity used overlapping Chrome-like user agents, indicating a common origin.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
-
The scans are likely reconnaissance efforts for exploiting new or existing vulnerabilities.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44
-
System administrators are advised to apply the latest security updates, enforce MFA, and avoid exposing sensitive endpoints.
First reported: 09.09.2025 00:441 source, 1 articleShow sources
- Surge in networks scans targeting Cisco ASA devices raise concerns — www.bleepingcomputer.com — 09.09.2025 00:44