Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Introduction

Cybersecurity firm GreyNoise has recently detected a coordinated cyberattack involving over 400 IPs actively exploiting multiple SSRF vulnerabilities. These attacks, first observed on March 9, 2025, target various cloud services, enterprise platforms, and software solutions, posing a serious threat to global cybersecurity.

The attack has been particularly aggressive in the United States, Germany, Singapore, India, Lithuania, Japan, and Israel, where a surge in SSRF exploitation attempts has been noted.

Listen to the Episode: https://technijian.com/podcast/coordinated-cyberattack-exploiting-multiple-ssrf-vulnerabilities/

What Are SSRF Vulnerabilities?

Server-Side Request Forgery (SSRF) is a vulnerability that lets an attacker make a vulnerable server send requests to destinations the attacker chooses, so the requests arrive with the server's own network access and trust. This can lead to:

  • Access to internal services that should not be exposed to the public.
  • Extraction of cloud metadata, including API keys and authentication credentials.
  • Bypassing network security controls to communicate with restricted systems.
  • Mapping internal networks, allowing attackers to plan further exploitation.

How the Coordinated SSRF Attack Is Being Carried Out

GreyNoise’s findings indicate a highly structured attack method involving:

  • Automated scanning and exploitation of multiple SSRF vulnerabilities.
  • Simultaneous targeting of different CVEs to maximize the chances of success.
  • Exfiltration of sensitive data and pre-compromise intelligence gathering.

List of Exploited SSRF Vulnerabilities

Several SSRF vulnerabilities have been identified as actively exploited in this attack. The most critical ones include:

| CVE ID | Affected Platform | CVSS Score |
| --- | --- | --- |
| CVE-2017-0929 | DotNetNuke | 7.5 |
| CVE-2020-7796 | Zimbra Collaboration Suite | 9.8 |
| CVE-2021-21973 | VMware vCenter | 5.3 |
| CVE-2021-22054 | VMware Workspace ONE UEM | 7.5 |
| CVE-2021-22175 | GitLab CE/EE | 9.8 |
| CVE-2021-22214 | GitLab CE/EE | 8.6 |
| CVE-2021-39935 | GitLab CE/EE | 7.5 |
| CVE-2023-5830 | ColumbiaSoft DocumentLocator | 9.8 |
| CVE-2024-6587 | BerriAI LiteLLM | 7.5 |
| CVE-2024-21893 | Ivanti Connect Secure | 8.2 |
| No CVE | OpenBMCS 2.4 (Authenticated SSRF Attempt) | |
| No CVE | Zimbra Collaboration Suite (SSRF Attempt) | |

For a detailed breakdown of the attack and its impact, read our full report here: https://technijian.com/cyber-security/vulnerabilities/over-400-ips-exploiting-multiple-ssrf-vulnerabilities-in-coordinated-cyber-attack/

How to Protect Your Business from SSRF Exploits

1. Apply Security Patches Immediately

  • Update all affected software and cloud services to the latest secure versions.
  • Regularly check vendor advisories for SSRF-related security patches.

2. Implement Network-Level Protections

  • Restrict outbound requests to only authorized domains.
  • Deploy firewalls and access controls to limit network exposure.

3. Secure Cloud Metadata APIs

  • Enable AWS IMDSv2 to prevent attackers from extracting metadata information.
  • Disable unnecessary internal API endpoints that SSRF exploits can access.

4. Monitor and Detect Suspicious Activity

  • Set up Intrusion Detection Systems (IDS) to flag unexpected outbound requests.
  • Use SIEM solutions to monitor and log unauthorized network activity.

5. Implement Input Validation & Whitelisting

  • Block untrusted URLs and request parameters using strict input validation.
  • Whitelist only approved domains for server-side requests.
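
The outbound-restriction and allowlist advice in items 2 and 5, as an added example that is not part of the original article: a Python check an application could run before fetching a user-supplied URL. The allowlisted hostnames, the port and scheme policy, and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy values (hypothetical, not from the article).
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
ALLOWED_HOSTS = {"api.partner.example", "cdn.partner.example"}


def is_public_ip(ip_text):
    """True only for globally routable addresses. Loopback, RFC 1918 and
    link-local (including 169.254.169.254) fail, as do IPv4-mapped IPv6 forms."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def check_fetch_url(url, resolver=socket.getaddrinfo):
    """Return (ok, reason, ips) for a URL the server has been asked to fetch."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port if parts.port is not None else 443
    except ValueError:
        return False, "unparseable URL", []
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed", []
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", []
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist", []
    # Resolve once and vet every answer: an allowlisted name can still point
    # at an internal address (DNS rebinding, stale or hijacked records).
    try:
        answers = resolver(host, port, type=socket.SOCK_STREAM)
    except OSError:
        return False, "resolution failed", []
    ips = sorted({a[4][0] for a in answers})
    if not ips or not all(is_public_ip(ip) for ip in ips):
        return False, "resolves to non-public address", []
    return True, "ok", ips  # connect to these IPs; do not re-resolve the name
```

The HTTP client that performs the fetch should also have automatic redirects disabled, or run every redirect target back through the same check, because a redirect from an allowed host can otherwise point the server at an internal address.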

For more security best practices, visit: https://technijian.com/cyber-security/vulnerabilities/over-400-ips-exploiting-multiple-ssrf-vulnerabilities-in-coordinated-cyber-attack/

FAQs on SSRF Vulnerabilities & Prevention

1. What makes SSRF vulnerabilities so dangerous?

SSRF allows attackers to bypass network security controls and access internal services, often leading to cloud data breaches and infrastructure compromises.

2. How can I check if my applications are vulnerable?

Use security testing tools like Burp Suite, OWASP ZAP, or Nessus to identify SSRF flaws in your systems.

3. Which industries are most at risk?

Industries using cloud services, enterprise applications, and financial technology are among the highest risk targets.

4. What are the best ways to prevent SSRF attacks?

Implement regular patching, restrict outbound traffic, secure metadata APIs, and use strong input validation.

5. Why are multiple SSRF vulnerabilities being exploited simultaneously?

Attackers use automated tools to exploit multiple vulnerabilities at once, increasing their chances of success and making detection harder.

6. What should I do if I suspect an SSRF attack in my network?

Immediately block suspicious IP addresses, investigate logs, apply patches, and conduct a security audit.

How Technijian Can Help Secure Your Business

At Technijian, we provide cutting-edge cybersecurity solutions to protect businesses from SSRF exploits and other cyber threats. Our services include:

  • 24/7 Cyber Threat Monitoring – Detect and prevent cyberattacks in real time.
  • Security Patch Management – Ensure all vulnerabilities are patched before exploitation.
  • Cloud & Network Security Audits – Identify and mitigate risks before attackers strike.
  • Incident Response & Forensics – Rapid investigation to neutralize ongoing threats.
  • Zero Trust Security Framework – Strengthen access controls against unauthorized requests.

Don't wait until it's too late! Get expert cybersecurity protection from Technijian today.

Contact us now or visit: Technijian Cybersecurity Solutions
