Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).
The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.
“CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server,” the company noted in a series of posts on X (formerly Twitter).
“Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application.”
CVE-2023-22515, rated 10.0 on the CVSS severity scoring system, allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions –
- 8.3.3 or later
- 8.4.3 or later, and
- 8.5.2 (Long Term Support release) or later
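The fixed-version list above is the one piece of the story a defender can act on directly, and the usual first step is to triage an inventory of Confluence hosts against it. The following script is an added example, not code from the article, Microsoft or Atlassian: it parses version strings and reports each host as patched, vulnerable, or not covered by the list. The hostnames and version strings are constructed sample data, and the treatment of releases newer than 8.5 as carrying the fix is an assumption drawn from the "or later" wording; branches the article does not name are flagged for a look at the vendor advisory rather than guessed at.

```python
import re

# First fixed release per branch, as listed in the article.
FIXED_VERSIONS = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),
}


def parse_version(text):
    """Turn '8.5.1' or '8.5.2-lts' into (major, minor, patch); raise on junk."""
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def patch_status(text):
    """Classify one version string against the CVE-2023-22515 fixed releases."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return "patched" if version >= FIXED_VERSIONS[branch] else "vulnerable"
    if branch > max(FIXED_VERSIONS):
        # Assumption: releases after the newest listed branch contain the fix
        # (the advisory wording is "8.5.2 or later").
        return "patched"
    # Branch not named in the article: do not guess, check the vendor advisory.
    return "not-covered"


def triage(hosts):
    """hosts: mapping hostname -> version string. Returns hostname -> status."""
    return {host: patch_status(version) for host, version in hosts.items()}


# Constructed sample inventory; not real hosts.
SAMPLE_INVENTORY = {
    "wiki-prod": "8.5.1",
    "wiki-staging": "8.5.2-lts",
    "wiki-legacy": "8.3.2",
    "wiki-dev": "8.6.0",
    "wiki-old": "7.19.8",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:10} {status}")
```

Feed it the version strings your asset inventory or the Confluence admin page reports; anything that comes back "vulnerable" belongs at the front of the patch queue and, per the advice later in the article, off the public internet until it is updated.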
While the exact scale of the attacks is not clear, Atlassian said it was made aware of the issue by “a handful of customers,” indicating it had been exploited as a zero-day by the threat actor.
It's worth noting that Oro0lxy refers to a digital alias used by Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice (DoJ) in July 2020 of infiltrating “hundreds of companies” in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna.
Xiaoyu is said to have been assigned to the Guangdong regional division of the Ministry of State Security (MSS).
“The defendants in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies,” the DoJ said. “The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks.”
Organizations relying on Confluence applications are highly recommended to update to the latest versions to mitigate any potential threats, and also isolate them from the public internet until the fixes are in place.