- Security researchers see a significant increase in IPs scanning for MOVEit instances
- This could indicate a newly discovered vulnerability in the tool
- Most scanning comes from the United States, so be on guard
“Once bitten, twice shy,” goes the old saying, so when security researchers see hackers scanning intensely for MOVEit instances, it is not surprising that alarm bells ring.
The threat intelligence team at GreyNoise has reported a “remarkable increase” in the amount of malicious scanning for systems running Progress MOVEit Transfer, the managed file transfer software.
In 2023, a major vulnerability in the software was discovered and quickly picked up by CL0P, at that time an infamous ransomware operation based in Russia. The attackers abused the flaw to steal confidential information belonging to hundreds of organizations and millions of people, extorting their way to wealth. Government agencies, healthcare companies and IT companies were among those affected.
IP volume constantly increasing
Although the bug was fixed and most instances were patched, threat actors continued to scan the wider internet for possible victims. GreyNoise says that on an ordinary day, scanning was “minimal,” with fewer than 10 IPs per day.
The researchers point out that on May 27 that number increased to more than 100 unique IPs, followed by 319 IPs on May 28.
Since then, the daily volume of IPs has never fallen below 200 and has hovered around 300. That, they believe, is evidence that someone knows something and is looking for an exploit.
In the last 90 days, more than 600 unique IP addresses were linked to this campaign, a number that has steadily increased. Most of them are in the United States, with notable numbers from Germany, Japan, Singapore, Brazil, the Netherlands, South Korea, Hong Kong and Indonesia.
Managed file transfer tools, such as MOVEit, are popular among SMEs and enterprises, since they offer a secure and seamless way to share important and often sensitive files.
This makes the tools a popular target, and in addition to Progress's solution, others have also been attacked, including GoAnywhere MFT, IBM Aspera Faspex and others.
Via The Hacker News