In recent days, a critical vulnerability has been identified in Confluence, Atlassian's enterprise server application. By exploiting it, attackers can execute malicious commands and reset servers, which can also lead to ransomware attacks.
Glenn Thorpe of GreyNoise wrote on the social network Mastodon that “Widespread exploitation of authentication bypass vulnerability CVE-2023-22518 in Atlassian Confluence Server has begun, resulting in risk of significant data loss”. He then specified that all the attacked IP addresses appear to be on Ukrainian territory.
Security experts were able to identify three different IP addresses that began exploiting the critical vulnerability on a massive scale between 00:00 and 8:00 on Sunday (European time). Although the wave of attacks has temporarily stopped, specialists in the sector say further operations are more than likely over the next few hours.
Atlassian Confluence server under attack: the importance of the corrective patch
Daniel Lydon and Conor Quinn of Rapid7 also spoke out about the attacks on the Atlassian Confluence servers: “As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing Atlassian Confluence exploitation in multiple customer environments, including ransomware deployment”.
The experts went on to say: “We have confirmed that at least some of the exploits target CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server”.
As is standard practice, Atlassian has already issued a corrective patch, so anyone who runs such a server should update it immediately. Now that word has spread that the vulnerability is easy to exploit, it is likely that cybercriminal groups are moving to exploit it before it is patched on almost all servers.