GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day.

• 682 unique IPs have triggered GreyNoise’s MOVEit Transfer Scanner tag over the past 90 days.
• The surge began on May 27 — prior activity was near-zero.
  303 IPs (44%) originate from Tencent Cloud (ASN 132203) — by far the most active infrastructure.
• Other source providers include Cloudflare (113 IPs), Amazon (94), and Google (34).
• Top destination countries include the United Kingdom, United States, Germany, France, and Mexico.
• The overwhelming majority of scanner IPs geolocate to the United States.
  ‍

Ukrainian hackers carried out a cyberattack that took down online broadcasts of Russian state television and radio channels on Monday, according to an official in Kyiv with knowledge of the operation.
#A #Dmitry #Emerging #Europe #Infrastructure #Markets #Media #Peskov #Putin #Radio #Russia #Ukraine #Vladimir #business #cybersecni #cybersecurity #politics #technology

Discover the latest insights on the emerging ransomware group Cicada3301, first detected in June 2024. Truesec's investigation reveals key findings about this group, named after a famous cryptography game, now targeting multiple victims.