Threat Advisory: Suspicious Scanning Activity
November 7, 2018
DetailsHerjavec Group has detected significant malicious scanning attempts across multiple client environments, including entertainment, finance and legal organizations. These scans, mostly targeting web applications and other external facing devices, do not appear to be targeted in nature but rather part of a general, large scale attempt to discover vulnerabilities within networks. Herjavec Group has observed several IPs scanning new clients daily, and increasing in intensity. The types of scans observed from the IP addresses below include (but are not limited to): Adobe ColdFusion, Apache Struts, XSS, directory traversal, and various remote code execution vulnerabilities. Exploitation of vulnerabilities identified by these scans could allow attackers to gain remote access to and take control of your environment. No known compromises have been observed or communicated to date.
IP Addresses 18.104.22.168 Registered in the US 22.214.171.124/24 Registered in Romania 126.96.36.199 Registered in Ottawa, Leased in Taiwan 188.8.131.52 Registered in the US