Apache Tomcat Panels Hit by Coordinated Login Attacks

Hackers are launching a coordinated wave of brute-force attacks on Apache Tomcat Manager interfaces exposed to the internet, using hundreds of unique IP addresses to escalate their efforts. The campaign targets web servers running the open-source Apache Tomcat software, aiming to gain unauthorized access to administrative panels by systematically guessing login credentials.

Security analysts report that the volume and distribution of the attacks suggest a high degree of automation, indicating the use of botnets or other mass scanning tools. The Apache Tomcat Manager interface is typically restricted to trusted users, but improper configuration or weak credentials can leave systems vulnerable.

The ongoing activity underscores the importance of securing management interfaces and limiting exposure to the internet. Organizations using Apache Tomcat are advised to review access controls, enforce strong authentication methods, and monitor for abnormal login attempts. The attackers’ use of diverse IP sources aims to bypass common rate-limiting defenses and evade detection.