GreyNoise reports a significant increase in scanning activity targeting Progress MOVEit Transfer systems starting in late May 2025, indicating potential preparation for exploitation. The activity involves numerous suspicious and malicious IPs, primarily from the US and other countries, suggesting ongoing threats to organizations using MOVEit Transfer. #CVE2023-34362 #CVE2023-36934 #Cl0p
Keypoints
- A surge in scanning activity targeting MOVEit Transfer systems began on May 27, 2025.
- Over 680 unique IPs have been associated with suspicious activity in the past 90 days.
- Majority of the suspicious IPs originate from the United States and several other countries.
- Attempts to exploit known vulnerabilities, CVE-2023-34362 and CVE-2023-36934, were detected in June 2025
- Users are advised to update software, block IPs, and avoid public exposure of MOVEit instances.
Read More: https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html