A surge in scanning and exploitation activity targeting Progress Software’s MOVEit Transfer indicates a significant and ongoing cybersecurity threat. Major cloud providers are primary sources of malicious scans, highlighting the global and coordinated nature of the attacks. #MOVEitTransfer #CVE2023-34362 #CVE2023-36934 #cloudsecurity
Keypoints
- Threat actors have increased scanning activity against MOVEit Transfer, with over 600 unique IP addresses detected in recent months.
- The majority of malicious scans originate from major cloud providers like Tencent Cloud, Cloudflare, Amazon, and Google.
- Geographically, most scanning IPs are located in the United States, targeting organizations primarily in North America and Europe.
- Exploitation attempts linked to known vulnerabilities have been observed, but widespread breaches have not yet occurred.
- Organizations are advised to apply patches, monitor activity, and implement IP blocking to defend against ongoing threats.
Read More: https://gbhackers.com/moveit-transfer-systems-hit-by-wave-of-attacks/