- Security researchers see a marked increase in IP scans for MOVEit instances
- This can signal a newly discovered vulnerability in the tool
- Most scans come from the US, so be on your guard
“Once bitten, twice shy,” the old saying goes, so when security researchers see hackers intensively scanning for MOVEit instances, it’s no wonder they sound the alarm.
Threat intelligence outfit GreyNoise has reported a “remarkable increase” in the number of malicious scans for systems running Progress’ MOVEit secure managed file transfer software.
Back in 2023, a major vulnerability was discovered in the software, which was quickly picked up by Cl0p, at that time a notorious Russia-based ransomware operation. The hackers abused the flaw to steal sensitive information from hundreds of organizations and millions of people, extorting their way to wealth. Government bodies, healthcare firms, and IT companies were all affected.
IP volume is rising steadily
Although the flaw was fixed and most instances were patched, threat actors continued to scan the wider web for potential victims. GreyNoise says scanning on a regular day was “minimal”, with fewer than 10 IPs a day.
On May 27, the researchers noticed that the number spiked to over 100 unique IPs, followed by 319 IPs on May 28.
Since then, the daily IP volume has never fallen under 200 and has hovered around the 300 mark. The researchers think this is proof that someone knows something and is looking to exploit it.
Over the past 90 days, more than 600 unique IP addresses were associated with this campaign, a number that is steadily increasing. Most of them are in the United States, with notable numbers from Germany, Japan, Singapore, Brazil, the Netherlands, South Korea, Hong Kong and Indonesia.
Managed file transfer tools, such as MOVEit, are popular with SMBs and enterprises, as they allow for a safe and trouble-free way to share important and often sensitive files.
This makes the tools a popular target, and in addition to Progress’ solution, others have also been targeted, including GoAnywhere MFT, IBM Aspera Faspex and others.
Via The Hacker News



