Espionage? Botnets? Trying to exploit a zero-day?
April 3, 2025 By Jessica Lyons
Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to exploit zero-day vulnerabilities.
On Wednesday, SANS Institute's Johannes Ullrich said he noticed a surge in scans for the username "t128," which, when accompanied by the password "128tRoutes," is a well-known default account for Juniper's Session Smart Networking products.
"About 3,000 source IPs took part in these scans," reported Ullrich, the dean of research at the infosec education and training outfit.
