The Greynoise Intelligence Company warns of “coordinated overstress” when operating fake vulnerability on the server side (SSRF) covering several platforms.
“At least 400 IPS has been noticed that actively exploits multiple SSRF Cves at the same time, with a noticeable overlapping between the attack attempts,” the company – NoteAdding it to the activity of the activities of March 9, 2025.
Countries that came out as the goal of operating SSRF include the US, Germany, Singapore, India, Lithuania and Japan. Another notable country is Israel, which witnessed the growth of March 11, 2025.
SSRF’s list of vulnerabilities used below –
Greynoise said that many of the same IP addresses are focused on a few SSRF imperfections at the same time, rather than focusing on one special weakness, noting that the activity model involves structured exploitation, automation or scouting before side.
In light of active operation attempts, it is important that users apply the latest patches, limit the weekend connections to the required final points and track suspicious requests.
“Many modern cloud services rely on the API internal metadata to which SSRF can access if it is used,” Grainaaz said. “SSRF can be used to display internal networks, dating vulnerable services and abduction cloud credentials.”
