GreyNoise reports a coordinated brute-force attack targeting Apache Tomcat Manager interfaces, with malicious IP addresses primarily from the US, UK, Germany, Netherlands, and Singapore. Organizations with exposed Tomcat services are at risk, highlighting the need for strong authentication and vigilant monitoring. #GreyNoise #TomcatManager
Keypoints
- GreyNoise observed a surge in brute-force and login attempts against Apache Tomcat Manager interfaces.
- Almost all involved IP addresses, numbering in the hundreds, have been classified as malicious.
- The activity originated mainly from US, UK, German, Dutch, and Singaporean IP addresses, with significant use of DigitalOcean infrastructure.
- Threat actors are exploiting exposed Tomcat services for potential future attacks without targeting a specific vulnerability now.
- Organizations are advised to implement strong access controls and continuously monitor for suspicious activities.
Read More: https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.html