Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity
ATT&CK techniques detected
T1580Cloud Infrastructure Discovery
60%
“, amazon ( 94 ), and google ( 34 ). - top destination countries include the united kingdom, united states, germany, france, and mexico. - the overwhelming majority of scanner ips geolocate to the united states. confirmed exploitation attempts on june 12 greynoise also observed lo…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1595.002Vulnerability Scanning
31%
“, amazon ( 94 ), and google ( 34 ). - top destination countries include the united kingdom, united states, germany, france, and mexico. - the overwhelming majority of scanner ips geolocate to the united states. confirmed exploitation attempts on june 12 greynoise also observed lo…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day. But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 29.