Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Increasingly Perilous Landscape of Cybersecurity: A Looming Threat to MOVEit Transfer Users



The use of managed file transfer solutions such as MOVEit Transfer has become increasingly common due to its ability to handle high-value information securely. However, recent scanning activity targeting these systems has highlighted the need for enhanced security measures to protect against exploitation. As attackers continue to evolve and exploit vulnerabilities with increasing frequency, users must take proactive steps to safeguard their systems against potential threats.

  • The managed file transfer solution MOVEit Transfer has become a target for malicious actors due to its handling of high-value information.
  • GreyNoise detected an alarming surge in scanning activity targeting Progress MOVEit Transfer systems since May 27, 2025.
  • The number of unique IP addresses targeting these systems increased from fewer than 10 per day prior to May 27 to over 100 on that date and beyond.
  • Exploitation attempts have been detected aimed at weaponizing two known MOVEit Transfer flaws, CVE-2023-34362 and CVE-2023-36934.
  • The attackers are geolocated from multiple countries, including the US, Germany, Japan, and others.
  • Users of MOVEit Transfer solutions need to ensure their systems remain up-to-date and patched against known vulnerabilities.



  • In recent weeks, a concerning trend has emerged in the cybersecurity community, highlighting the ever-present threat of exploitation by malicious actors. At the center of this storm is the popular managed file transfer solution, MOVEit Transfer, which has become a prized target for attackers due to its handling of high-value information.

    According to data from threat intelligence firm GreyNoise, there has been an alarming surge in scanning activity targeting Progress MOVEit Transfer systems since May 27, 2025. This significant increase in scanning volume is indicative of the fact that attackers are attempting to exploit known vulnerabilities in these systems or scan for potential entry points to gain unauthorized access.

    The severity of this situation was underscored by GreyNoise when it stated that prior to May 27, 2025, scanning activity was minimal, with fewer than 10 unique IP addresses observed per day. However, following the date in question, the number of unique IPs spiked to over 100 on May 27 and continued to remain elevated throughout the month.

    As of June 12, 2025, GreyNoise detected low-volume exploitation attempts aimed at weaponizing two known MOVEit Transfer flaws - CVE-2023-34362 and CVE-2023-36934. Notably, CVE-2023-34362 was exploited by the notorious Cl0p ransomware actors as part of a widespread campaign in 2023, impacting over 2,770 organizations.

    Furthermore, an examination of IP addresses revealed that more than half of them are geolocated to the United States, followed closely by Germany, Japan, Singapore, Brazil, the Netherlands, South Korea, Hong Kong, and Indonesia. This geographical spread suggests a global reach for malicious actors seeking to exploit vulnerabilities in MOVEit Transfer systems.

    The implications of this surge in scanning activity are multifaceted. Firstly, it underscores the need for users of MOVEit Transfer solutions to ensure that their systems remain up-to-date and patched against known vulnerabilities. Moreover, blocking offending IP addresses is crucial in mitigating potential attacks. It also highlights the importance of implementing robust security protocols to prevent unauthorized access.

    In light of these findings, cybersecurity professionals are advised to exercise caution when dealing with vulnerable software and take proactive measures to protect their systems from exploitation. Additionally, users should be vigilant about publicly exposing MOVEit Transfer instances over the internet, as this can inadvertently serve as an entry point for malicious actors.

    The recent surge in scanning activity targeting Progress MOVEit Transfer systems serves as a stark reminder of the ever-present threat landscape in the cybersecurity domain. As attackers continue to evolve and exploit vulnerabilities with increasing frequency, it is essential that users remain vigilant and take proactive steps to safeguard their systems against potential threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Increasingly-Perilous-Landscape-of-Cybersecurity-A-Looming-Threat-to-MOVEit-Transfer-Users-ehn.shtml

  • https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html

  • https://nvd.nist.gov/vuln/detail/CVE-2023-34362

  • https://www.cvedetails.com/cve/CVE-2023-34362/

  • https://nvd.nist.gov/vuln/detail/CVE-2023-36934

  • https://www.cvedetails.com/cve/CVE-2023-36934/


  • Published: Fri Jun 27 04:53:14 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us