MOVEit Mayhem: Surge in Scanning Sparks Security Scare

GreyNoise warns of a notable surge in scanning activity targeting MOVEit Transfer systems, hinting at potential mass exploitation. The spike in scanning suggests that these systems are once again under the threat actor’s scanner. Users are advised to block offending IPs and ensure their software is updated to avoid exposure.

3P
Published: June 27, 2025 8:24 amAdded: June 27, 2025 at 1:48 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like cybercriminals have decided to MOVEit, MOVEit real good! With a sudden spike in IPs nosier than a toddler with a kazoo, it’s clear the digital mischief-makers are out for another round. It’s high time businesses hit the ‘update’ button faster than a caffeine-fueled coder at a hackathon!

Key Points:

  • Surge in scanning activity targeting MOVEit Transfer systems since May 27, 2025.
  • Over 682 unique IPs flagged, with 449 observed in the last 24 hours.
  • 344 IPs labeled as suspicious and 77 deemed malicious.
  • Most IPs originate from the US, followed by Germany and other countries.
  • Low-volume exploitation attempts detected for two known MOVEit Transfer flaws.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?