Amazon-Hosted IPs Target ColdFusion, Struts, and Elasticsearch: Cybersecurity Alert
Published: 23 Dec 2025
In this video, we explore a recent coordinated cloud-based scanning operation that targeted multiple vulnerabilities across various technologies, including Adobe ColdFusion and Apache Struts. On May 8, 2025, cybersecurity researchers from GreyNoise identified 251 malicious IP addresses, all geolocated in Japan and hosted by Amazon, engaging in scanning activities aimed at exploiting known vulnerabilities. The significance of this incident lies in its potential impact on organizations worldwide, as threat actors increasingly use temporary infrastructures to conduct opportunistic attacks.
What you’ll learn: We will break down the timeline of this exploit scan, discuss the technologies affected, and provide actionable steps for organizations to protect themselves against similar threats. Understanding these vulnerabilities and the nature of the scanning activity is crucial for cybersecurity professionals and organizations looking to bolster their defenses.
The scanning operation was notable for its targeting of 75 distinct exposure points, indicating a broad-spectrum approach to identifying weaknesses. The IPs involved triggered various behaviors, including attempts to exploit known CVEs, misconfiguration probes, and reconnaissance activities. This suggests that the attackers were not selective, aiming instead to find any susceptible systems.
Among the vulnerabilities targeted were critical issues like CVE-2018-15961 in Adobe ColdFusion, CVE-2017-5638 in Apache Struts, and CVE-2015-1427 in Elasticsearch. The overlap of IP addresses across these vulnerabilities points to a single operator or toolset, a pattern that is becoming increasingly common in opportunistic scanning operations.
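The overlap analysis described above can be sketched as follows. This is an added example, not GreyNoise's code or data: the events are constructed, the IPs come from documentation ranges, and the tag labels and the field layout (source IP, date, tag, hosting provider) are assumptions.

```python
from collections import defaultdict

# Constructed sensor events (not real data): (source_ip, date, tag, provider).
# Tag labels are hypothetical names for the three CVEs named above.
EVENTS = [
    ("192.0.2.10", "2025-05-08", "coldfusion-cve-2018-15961", "Amazon"),
    ("192.0.2.10", "2025-05-08", "struts-cve-2017-5638", "Amazon"),
    ("192.0.2.10", "2025-05-08", "elasticsearch-cve-2015-1427", "Amazon"),
    ("192.0.2.11", "2025-05-08", "struts-cve-2017-5638", "Amazon"),
    ("192.0.2.11", "2025-05-08", "elasticsearch-cve-2015-1427", "Amazon"),
    ("192.0.2.11", "2025-05-08", "coldfusion-cve-2018-15961", "Amazon"),
    ("198.51.100.7", "2025-05-02", "struts-cve-2017-5638", "ExampleNet"),
    ("198.51.100.7", "2025-05-08", "struts-cve-2017-5638", "ExampleNet"),
    ("203.0.113.5", "2025-05-08", "elasticsearch-cve-2015-1427", "Amazon"),
]

def profile_sources(events):
    """Build per-IP sets of tags, active days and hosting providers."""
    profiles = defaultdict(lambda: {"tags": set(), "days": set(), "hosts": set()})
    for ip, day, tag, host in events:
        profile = profiles[ip]
        profile["tags"].add(tag)
        profile["days"].add(day)
        profile["hosts"].add(host)
    return profiles

def find_clusters(events, min_tags=3, min_ips=2):
    """Group IPs that share the same tag set, single active day and provider.

    A group qualifies when every member hit at least `min_tags` distinct tags
    on one day only, and at least `min_ips` addresses behave identically.
    """
    groups = defaultdict(list)
    for ip, p in profile_sources(events).items():
        if len(p["tags"]) >= min_tags and len(p["days"]) == 1 and len(p["hosts"]) == 1:
            key = (frozenset(p["tags"]), next(iter(p["days"])), next(iter(p["hosts"])))
            groups[key].append(ip)
    return [
        {"day": day, "provider": host, "tags": sorted(tags), "ips": sorted(ips)}
        for (tags, day, host), ips in groups.items() if len(ips) >= min_ips
    ]

if __name__ == "__main__":
    for c in find_clusters(EVENTS):
        print(f"{c['day']} {c['provider']}: {len(c['ips'])} IPs share {len(c['tags'])} tags")
        print("  " + ", ".join(c["ips"]))
```

Because the grouping key is behaviour (tag set, day, provider) rather than a fixed address list, the same check still flags a repeat of the pattern when it arrives from new IPs.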
Organizations are urged to take immediate action by blocking the identified malicious IP addresses. However, it is important to remain vigilant, as follow-up exploitation attempts may originate from different infrastructures. This incident serves as a reminder of the ever-evolving landscape of cybersecurity threats and the need for continuous monitoring and proactive defense strategies.
Stay informed about the latest cybersecurity news and developments to better protect your organization. Understanding the nuances of these threats and the technologies involved is essential for anyone in the field of cybersecurity, from IT professionals to organizational leaders. Join us as we delve deeper into this incident and its implications for the future of cybersecurity.