Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats
Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats
GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt — registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.
Summary of Observed Activity
Tomcat Manager Brute Force Attempt
- 250 unique IPs observed
- Baseline range: 1-15 IPs
- All classified as malicious
To read the complete article see: Complete article
This post is licensed under CC BY 4.0 by the author.