Threat actors are actively mining cryptocurrency illegally on susceptible installations, utilizing a serious security flaw that has been addressed to harm the Atlassian Confluence Data Center and Confluence Server.
Threat actors are actively using a significant security hole that has been patched to affect the Atlassian Confluence Data Center and Confluence Server to mine cryptocurrencies illegally on vulnerable installations. “The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, and maintaining persistence via cron jobs,” Abdelrahman Esmail, a researcher at Trend Micro,
The exploited security flaw is CVE-2023-22527, a maximum severity fault in Atlassian Confluence Data Center and Confluence Server versions prior to 2023, which might grant remote code execution to unauthenticated attackers. The Australian software company responded to it in the middle of January 2024. Between mid-June and the end of July 2024, Trend Micro reported that it saw a significant amount of attempts to exploit the weakness, which was used to drop the XMRig miner on unpatched systems. It is believed that the malicious activity is being carried out by at least three distinct threat actors.
XMRig miner launches using an ELF file payload with custom-crafted requests employing a shell script to gather system information, delete all current cron jobs, uninstall cloud security tools from Tencent and Alibaba, end competing cryptojacking campaigns (like Kinsing), and then set up a new cron job that launches the miner and checks for command-and-control (C2) server connectivity every five minutes.
According to Esmail, “CVE-2023-22527 poses a serious security risk to organizations globally due to threat actors’ ongoing exploitation of it.” “To minimize the risks and threats associated with this vulnerability, administrators should update their versions of Atlassian Confluence Data Center and Confluence Server to the latest available versions as soon as possible.”
Also read: DORA (Digital Operational Resilience Act) Batch 2 Changes and Expectations from BFSI sector
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.