Cybersecurity researchers reported a cloud-based scanning campaign involving 251 malicious IP addresses from Japan, targeting 75 distinct exposure points across various technologies. Observed on May 8, 2025, this operation included a range of attack techniques, from CVE exploits to misconfiguration probes. The malicious IPs exhibited no activity before or after the surge, indicating they were rented temporarily. GreyNoise found a significant overlap in scanning targets, suggesting a single operator utilized multiple IP addresses, reflecting a common pattern in opportunistic cyber-attacks.
These IPs triggered 75 distinct behaviors, including CVE exploits, misconfiguration probes, and recon activity, indicating temporary infrastructure rental for a single operation.
The opportunistic operation ranged from exploitation attempts for known CVEs to probes for misconfigurations and other weak points in web infrastructure.
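The two signals described above (IPs active only on the surge day, and heavy overlap in what they scanned for) can be checked against sensor logs. The following is an added example, not GreyNoise's method or code; the event format, tag names, sample data and the 0.6 overlap threshold are all assumptions.

```python
from collections import defaultdict
from datetime import date
from itertools import combinations

SURGE_DAY = date(2025, 5, 8)  # date given in the report

# Constructed sample events (ip, day, tag); RFC 5737 addresses, made-up tag names.
EVENTS = [
    ("192.0.2.10", date(2025, 5, 8), "cve-exploit-a"),
    ("192.0.2.10", date(2025, 5, 8), "misconfig-probe-b"),
    ("192.0.2.10", date(2025, 5, 8), "recon-c"),
    ("192.0.2.11", date(2025, 5, 8), "cve-exploit-a"),
    ("192.0.2.11", date(2025, 5, 8), "misconfig-probe-b"),
    ("192.0.2.11", date(2025, 5, 8), "recon-c"),
    ("192.0.2.12", date(2025, 5, 8), "cve-exploit-a"),
    ("192.0.2.12", date(2025, 5, 8), "recon-c"),
    ("198.51.100.7", date(2025, 5, 8), "recon-c"),        # long-lived scanner
    ("198.51.100.7", date(2025, 5, 1), "recon-c"),
    ("203.0.113.5", date(2025, 5, 8), "ssh-bruteforce-d"),  # unrelated one-day IP
]

def single_day_ips(events, day):
    """Map IP -> tag set for IPs whose only observed activity is on `day`."""
    days, tags = defaultdict(set), defaultdict(set)
    for ip, seen, tag in events:
        days[ip].add(seen)
        tags[ip].add(tag)
    return {ip: tags[ip] for ip in days if days[ip] == {day}}

def jaccard(a, b):
    return len(a & b) / len(a | b)

def overlap_clusters(ip_tags, threshold=0.6):
    """Union-find over IP pairs whose tag sets overlap at least `threshold`."""
    parent = {ip: ip for ip in ip_tags}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for a, b in combinations(sorted(ip_tags), 2):
        if jaccard(ip_tags[a], ip_tags[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = defaultdict(set)
    for ip in ip_tags:
        groups[find(ip)].add(ip)
    return sorted((g for g in groups.values() if len(g) > 1), key=len, reverse=True)

if __name__ == "__main__":
    print(overlap_clusters(single_day_ips(EVENTS, SURGE_DAY)))
```

On the sample data the three 192.0.2.x addresses form one cluster, while the long-lived scanner and the unrelated one-day IP are excluded.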