A recently patched critical security flaw[1] in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads.
In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner[2] called z0miner on victim networks.
The bug (CVE-2022-26134[3], CVSS score: 9.8), which was patched[4] by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way for remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected.
Other notable malware pushed in separate instances of attack activity includes Mirai and Kinsing bot variants, a rogue package called pwnkit[5], and Cobalt Strike, delivered by way of a web shell deployed after the attackers gained an initial foothold on the compromised system.
“The vulnerability, CVE-2022-26134, allows an attacker to spawn a remotely-accessible shell, in-memory, without writing anything to the server’s local storage,” Andrew Brandt, principal security researcher at Sophos, said[6].
The disclosure overlaps with similar warnings from Microsoft, which revealed[7] last week that “multiple adversaries and nation-state actors, including DEV-0401[8] and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134.”
DEV-0401, described by Microsoft as a “China-based lone wolf turned LockBit 2.0 affiliate,” has also been previously linked to ransomware deployments targeting internet-facing systems running VMware Horizon (Log4Shell[9]), Confluence (CVE-2021-26084[10]), and on-premises Exchange servers (ProxyShell[11]).
The development is emblematic of an ongoing trend[12] in which threat actors increasingly capitalize on newly disclosed critical vulnerabilities, rather than exploiting publicly known, dated software flaws, across a broad spectrum of targets.
References
- [1] critical security flaw (thehackernews.com)
- [2] crypto miner (blog.checkpoint.com)
- [3] CVE-2022-26134 (nvd.nist.gov)
- [4] patched (thehackernews.com)
- [5] pwnkit (thehackernews.com)
- [6] said (news.sophos.com)
- [7] revealed (twitter.com)
- [8] DEV-0401 (www.microsoft.com)
- [9] Log4Shell (thehackernews.com)
- [10] CVE-2021-26084 (thehackernews.com)
- [11] ProxyShell (thehackernews.com)
- [12] ongoing trend (thehackernews.com)
Read more https://thehackernews.com/2022/06/atlassian-confluence-flaw-being-used-to.html