Hackers Are Exploiting Atlassian Confluence Zero Day to Install Shells With No Fix Available
Exile group claims disruption of 5,000 cameras in Tehran, Ransomware groups shape-shift to avoid detection, Conti gang developed firmware hacks, Flaw in smartphone chipset could disrupt comms, more
Hackers are actively exploiting a new zero-day vulnerability, tracked as CVE-2022-26134, in Confluence, the team workspace software from Atlassian, to install web shells; no fix is available at this time. Cybersecurity firm Volexity and Atlassian issued a coordinated disclosure about the flaw, with Volexity saying it discovered it over the Memorial Day weekend while performing incident response.
Atlassian said that CVE-2022-26134 is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. In the breach analyzed by Volexity, the threat actors installed BEHINDER, a JSP web shell that lets them execute commands on the compromised server remotely. They then used BEHINDER to install the China Chopper web shell and a simple file upload tool as backups. Volexity believes that multiple threat actors from China are using these exploits.
Atlassian is telling customers…