MOVEit transfer systems face fresh attack risk following scanning activity surge

A significant rise in scanning activity targeting MOVEit Transfer systems has been detected, indicating the software could face a resurgence in attacks.

Threat intelligence provider GreyNoise detected a massive jump in unique IPs triggering its MOVEit Transfer Scanner Tag, beginning on May 27, 2025. On that day, 100 unique IPs were detected, followed by 319 on May 28.

“Since that initial jump, the daily scanner IP volume has remained intermittently elevated between 200 to 300 IPs per day – a significant deviation from baseline and an indicator that MOVEit Transfer is once again in the crosshairs,” the researchers noted.

Read more at Infosecurity Magazine