Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

The Hacker News (thehackernews.com), Oct 11, 2023, 4:12 a.m.
Tags: atlassian confluence, vulnerability, nation-state actor, storm-0062, exploitation, cve-2023-22515, microsoft, threat intelligence, zero-day, li xiaoyu, darkshadow, moderna, ministry of state security, mss, cisa, fbi, ms-isac

EPSS: 0.974 (99.9th percentile)


Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).

The tech giant’s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

“CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server,” the company noted in a series of posts on X (formerly Twitter).

“Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application.”


CVE-2023-22515, rated 10.0 on the CVSS severity rating system, allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions:

  • 8.3.3 or later
  • 8.4.3 or later, and
  • 8.5.2 (Long Term Support release) or later
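The fixed versions listed above translate directly into an inventory check. The following is an added example, not code from The Hacker News, Microsoft or Atlassian: it parses Confluence version strings numerically (so 8.4.10 is correctly read as newer than 8.4.3) and reports each host as fixed or needing an upgrade. It assumes that "or later" extends across release series (8.6.x and newer count as fixed) and, conservatively, that any version not at or above a listed fixed release should be upgraded, since the article does not say which versions below 8.3 are affected. Hostnames and versions in the sample inventory are constructed.

```python
from __future__ import annotations

import re

# Fixed versions named in the article for Atlassian Confluence Data Center and Server,
# keyed by release series: (major, minor) -> first fixed (major, minor, patch).
FIXED_VERSIONS = {
    (8, 3): (8, 3, 3),
    (8, 4): (8, 4, 3),
    (8, 5): (8, 5, 2),  # Long Term Support release
}
# "8.5.2 or later" also covers every later series (8.6.x, 8.7.x, ...),
# so anything at or above this floor is treated as fixed.
LATEST_FIXED = (8, 5, 2)

# Leading MAJOR.MINOR[.PATCH]; anything after the numeric triple is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH]' into a tuple that compares numerically.

    A missing patch field is read as 0, so '8.5' compares as 8.5.0.
    Raises ValueError for strings that do not start with a dotted number.
    """
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_fixed(version: str) -> bool:
    """True when the version is at or above a fixed release named in the article.

    Assumption (this example's, not the article's): any version that is not at or
    above a listed fixed release is reported as needing an upgrade. This is
    deliberately conservative; the article does not state which versions below
    8.3 are affected.
    """
    v = parse_version(version)
    if v >= LATEST_FIXED:
        return True
    first_fixed = FIXED_VERSIONS.get(v[:2])
    return first_fixed is not None and v >= first_fixed


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host to 'fixed', 'needs upgrade' or 'unparseable'."""
    result: dict[str, str] = {}
    for host, version in inventory.items():
        try:
            result[host] = "fixed" if is_fixed(version) else "needs upgrade"
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "wiki-01.example.internal": "8.5.1",
    "wiki-02.example.internal": "8.5.2",
    "wiki-03.example.internal": "8.4.10",
    "wiki-04.example.internal": "8.3.2",
    "wiki-05.example.internal": "8.6.0",
    "wiki-06.example.internal": "7.19.14",
    "wiki-07.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:26} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as "needs upgrade" or "unparseable" are the ones to verify by hand; a version string the script cannot read is not evidence that the host is safe.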

While the exact scale of the attacks is not clear, Atlassian said that it was made aware of the problem by “a handful of customers,” meaning it had been exploited as a zero-day by the threat actor.

It’s worth noting that Oro0lxy refers to a digital alias created by Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice (DoJ) in July 2020 of infiltrating “hundreds of companies” in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna.


Xiaoyu, alongside DONG Jiazhi, is said to have been assigned to the Guangdong regional division of the Ministry of State Security (MSS).

“The defendants in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies,” the DoJ said. “The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks.”

Organizations relying on Confluence applications are strongly advised to upgrade to the latest versions to mitigate any potential threats, and to isolate them from the public internet until the fixes are in place.

CISA, FBI, and MS-ISAC Release Joint Advisory on CVE-2023-22515

On October 16, 2023, the U.S. government released a joint cybersecurity bulletin in response to active exploitation of CVE-2023-22515 to obtain access to victim systems and continue active exploitation post-patch.

It also warned of “widespread exploitation of unpatched Confluence instances in government and private networks,” considering the vulnerability allows threat actors to create rogue admin accounts with relative ease.
