Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

Jun 18, 2022Ravie Lakshmanan

A not too long ago patched vital safety flaw in Atlassian Confluence Server and Information Heart merchandise is being actively weaponized in real-world assaults to drop cryptocurrency miners and ransomware payloads.

In at the very least two of the Home windows-related incidents noticed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to ship Cerber ransomware and a crypto miner known as z0miner on sufferer networks.

The bug (CVE-2022-26134, CVSS rating: 9.8), which was patched by Atlassian on June 3, 2022, allows an unauthenticated actor to inject malicious code that paves the best way of distant code execution (RCE) on affected installations of the collaboration suite. All supported variations of Confluence Server and Information Heart are affected.

Different notable malware pushed as a part of disparate situations of assault exercise embrace Mirai and Kinsing bot variants, a rogue package deal known as pwnkit, and Cobalt Strike by the use of an online shell deployed after gaining an preliminary foothold into the compromised system.

“The vulnerability, CVE-2022-26134, permits an attacker to spawn a remotely-accessible shell, in-memory, with out writing something to the server’s native storage,” Andrew Brandt, principal safety researcher at Sophos, mentioned.

Ransomware and Crypto Miners

The disclosure overlaps with comparable warnings from Microsoft, which revealed final week that “a number of adversaries and nation-state actors, together with DEV-0401 and DEV-0234, are profiting from the Atlassian Confluence RCE vulnerability CVE-2022-26134.”

DEV-0401, described by Microsoft as a “China-based lone wolf turned LockBit 2.0 affiliate,” has additionally been beforehand linked to ransomware deployments concentrating on internet-facing techniques operating VMWare Horizon (Log4Shell), Confluence (CVE-2021-26084), and on-premises Change servers (ProxyShell).

The event is emblematic of an ongoing pattern the place risk actors are more and more capitalizing on newly disclosed vital vulnerabilities moderately than exploiting publicly recognized, dated software program flaws throughout a broad spectrum of targets.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.


Supply By https://thehackernews.com/2022/06/atlassian-confluence-flaw-being-used-to.html

Previous post 5 Sport Android Mencari Objek Tersembunyi, Untuk Semua Usia!
Next post MIT researchers develop an AI mannequin that may detect future lung most cancers danger | MIT Information