Close Menu
Cybercrime and Ransomware

MOVEit Transfer: Rising Threats Amidst Surge in Scanning and Targeted CVE Flaws

Staff WriterBy No Comments4 Mins Read6 Views

Fast Facts

  1. Surge in Scanning Activity: GreyNoise reports a significant increase in scanning for Progress MOVEit Transfer systems, with daily unique IPs spiking from fewer than 10 to over 319, indicating possible preparations for widespread exploitation.

  2. Threat Landscape: A total of 682 unique IPs were flagged over 90 days, with 449 observed in the last 24 hours; 344 are deemed suspicious and 77 malicious, predominantly from the U.S. and other countries including Germany and Japan.

  3. Exploitation Attempts Detected: On June 12, 2025, GreyNoise identified attempts to exploit two vulnerabilities (CVE-2023-34362 and CVE-2023-36934), the former previously abused in a large-scale ransomware attack in 2023.

  4. User Precautions Advised: To mitigate threats, users should block suspicious IPs, ensure MOVEit Transfer software is updated, and avoid exposing the system publicly online.

The Issue

On June 27, 2025, the threat intelligence firm GreyNoise reported a significant surge in scanning activities targeting Progress MOVEit Transfer systems, a widely used solution for secure file transfer among businesses and government entities. This uptick, beginning on May 27, was marked by a dramatic increase in the daily volume of scanning IP addresses—from under ten to over 300 within a mere two days—indicating a potential preparation for mass exploitation or probing for unpatched vulnerabilities. GreyNoise identified 682 unique IPs linked to this suspicious activity over the preceding 90 days, with 449 observed just within the last 24 hours. Notably, a concentration of malicious activity was detected from IP addresses predominantly originating in the United States, alongside others from various countries including Germany, Japan, and Brazil.

The report underscored the urgency of the situation, revealing low-volume exploitation attempts related to two known vulnerabilities within MOVEit Transfer, specifically CVE-2023-34362 and CVE-2023-36934. The former had previously been exploited by Cl0p ransomware in 2023, affecting over 2,770 entities. GreyNoise emphasized the imperative for organizations utilizing MOVEit Transfer to tighten their security measures—blocking problematic IP addresses, ensuring their software is current, and maintaining a vigilant posture against external exposure.

Risk Summary

The recent surge in scanning activities targeting Progress MOVEit Transfer systems, with a notable spike to over 300 unique IPs and a concerning identification of 77 malicious addresses, underscores a significant and immediate risk not only to individual organizations relying on this platform but also to the broader business ecosystem. This vulnerability signals a prelude to potential mass exploitation, echoing the devastating impact observed in previous campaigns, such as the Cl0p ransomware incident that affected over 2,770 entities. If these critical weaknesses are left unaddressed, the repercussions could arguably cascade, leading to data breaches that compromise sensitive client information, erosion of trust among stakeholders, and crippling financial losses, which in turn may destabilize supply chains and disrupt service availability across multiple sectors. Therefore, it is imperative for organizations to act proactively by reinforcing their security protocols and ensuring that their MOVEit Transfer systems are fully patched and shielded from these imminent threats.

Possible Remediation Steps

Timely remediation is critical in maintaining the integrity and security of data transmission systems, especially when facing heightened vulnerabilities such as those presented by MOVEit Transfer.

Mitigation Steps

  1. Patch Management: Implement immediate updates to address CVE flaws.
  2. Enhanced Monitoring: Increase the frequency of security scanning to detect anomalies.
  3. Access Controls: Tighten user permissions to limit exposure.
  4. Incident Response Planning: Develop and rehearse response strategies for potential breaches.
  5. User Education: Train staff on recognizing phishing and social engineering threats.

NIST CSF Guidance
The NIST Cybersecurity Framework highlights the necessity of continuous assessment and response to evolving threats. For comprehensive remediation strategies, refer to NIST SP 800-53, which provides explicit guidelines on vulnerability management and incident response protocols.

Advance Your Cyber Knowledge

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.