Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities

A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems.

Cybersecurity firm GreyNoise has identified a dramatic nine-fold increase in suspicious scanning activity, suggesting coordinated reconnaissance that could foreshadow future exploitation.

According to GreyNoise, more than 230 unique IP addresses targeted ICS and IPS VPN endpoints on April 18 alone—a sharp escalation from the typical daily average of fewer than 30.

Even more concerning, over the past 90 days, the number of unique IPs involved in similar activity soared to 1,004.

“This isn’t just isolated noise,” a GreyNoise spokesperson explained. “Spikes like this are often the prelude to more serious threats, particularly as attackers look for new vulnerabilities before they’re publicly disclosed.”

Threat Landscape

The cybersecurity firm’s analysis paints a detailed picture ...