Cybersecurity researchers uncovered a coordinated cloud-based scanning campaign targeting vulnerabilities across multiple web platforms from Japan-based IPs. The activity was brief but widespread, leveraging temporary IPs to identify exploitable weaknesses. #CVE2018-15961 #ApacheStruts
Keypoints
- The attack involved 251 malicious IPs hosted by Amazon in Japan conducting targeted scans.
- Multiple vulnerabilities were targeted, including CVE-2018-15961, CVE-2017-5638, and CVE-2015-1427.
- The scanning activity lasted only on May 8, 2025, with no apparent activity before or after.
- Overlapping IPs across different vulnerability scans suggest a single operator or toolset.
- Organizations should block the identified malicious IPs to prevent follow-up exploitation attempts.
Read More: https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html