GreyNoise Warns of New Cyber Threats Targeting MoveIT File Transfer Software Users
Cybersecurity firm GreyNoise has issued a new warning regarding potential large-scale cyberattacks targeting systems that use MoveIT File Transfer software. The company’s scanning tools have detected a rise in global cyber threats aimed at exploiting vulnerabilities in these systems.
In 2023, MoveIT became a target of a cyberattack that affected nearly 2,700 organizations using its file transfer software. This breach was attributed to the Cl0p ransomware group. Now, a similar pattern appears to be unfolding, as threat actors from various IP addresses are actively scanning MoveIT systems for vulnerabilities.
In May, the scale of the threat seemed minimal, with only 10 IP addresses involved in this malicious activity. However, this number has since surged to over 600 addresses, which are now probing for weaknesses in MoveIT software.
Surveillance of these scanning IP addresses has traced them back to computing devices in countries such as the United States, Germany, Japan, Singapore, Brazil, the Netherlands, South Korea, Hong Kong, and Indonesia. It remains unclear whether these addresses are being masked by bots or VPNs.
This growing activity suggests that threat actors are once again targeting MoveIT systems. If any vulnerabilities are discovered, these attackers could potentially breach networks to steal or encrypt data, holding it hostage until a ransom is paid.
Scale AI Responds to Data Breach Rumors
Scale AI has been the subject of rumors recently, with reports claiming the company was hit by a data breach. Although Scale AI has denied these allegations, calling them “misinformation,” the company has launched an internal investigation led by its security team to determine the facts.
Business Insider reports that hackers may have compromised a Scale AI database, stealing sensitive files from the company’s Google Docs account. The stolen data allegedly includes project files from major tech companies like Meta, xAI, and Twitter, which were found to be publicly accessible via links on Google Cloud.
Initial investigations revealed that the data was intended to be accessible to freelancers working on Scale AI projects. However, the files were left unsecured, making them publicly available without proper protection.
Upon discovering the issue, Scale AI’s IT team swiftly secured the files, making the 85 publicly accessible documents private to protect sensitive information related to various projects, including those of major tech firms like Meta and Twitter.
While it is still unclear whether any unauthorized third parties accessed or stole the data, Scale AI has promised to provide further updates as the investigation progresses. Meanwhile, the security breach has caused some disruption for contractors working on the affected projects, as the database has been isolated for further analysis.
Join our LinkedIn group Information Security Community!
