Coordinated Attack by 295 Malicious IPs on Global Networks

GreyNoise, a security firm, has identified a "coordinated attack" targeting Apache Tomcat Manager interfaces, with numerous attempts to guess passwords and gain unauthorized access observed on June 5, 2025. This activity, involving 295 malicious IP addresses, primarily originated from the U.S., U.K., Germany, the Netherlands, and Singapore. The attacks are not exploiting a specific vulnerability but indicate ongoing interest in publicly accessible Tomcat services, potentially foreshadowing future attacks. Organizations are advised to implement strong passwords, restrict access, and monitor for suspicious activity.

Concurrently, Bitsight reported over 40,000 internet-exposed security cameras, accessible via HTTP or RTSP, predominantly located in the U.S., Japan, Austria, Czechia, and South Korea. These cameras, often found in homes and businesses, pose privacy risks by inadvertently leaking sensitive information. Users are urged to change default credentials, disable unnecessary remote access, and update camera software to mitigate these risks.

Security researcher João Cruz highlighted the ease of setting up these cameras, which often become unintended public surveillance tools. The report underscores the importance of proactive security measures to protect against unauthorized access and potential misuse.

Stay secure — stay Wavasec. 🔐