
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability


Oct 11, 2023 | Newsroom | Cyber Attack / Vulnerability


Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).

The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

"CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company noted in a series of posts on X (formerly Twitter).

"Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application."


CVE-2023-22515, rated 10.0 on the CVSS severity rating system, allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions:

  • 8.3.3 or later
  • 8.4.3 or later, and
  • 8.5.2 (Long Term Support release) or later
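
The fixed releases above apply per release line, so a plain "version >= 8.3.3" comparison would wrongly pass an instance on 8.4.1 or 8.5.0. The following Python triage is an added example, not code from Atlassian or Microsoft; the host names and inventory are constructed, and it assumes "or later" means later within the same line, with anything newer than the 8.5 line covered by "8.5.2 or later".

```python
import re

# Fixed releases as listed in the article, keyed by (major, minor) release line.
FIXED = {(8, 3): (8, 3, 3), (8, 4): (8, 4, 3), (8, 5): (8, 5, 2)}
NEWEST_LINE = max(FIXED)  # 8.5, the Long Term Support line


def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of three ints (patch defaults to 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Classify one Confluence version as 'fixed', 'upgrade' or 'check-advisory'."""
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        # Compare only against the fix for this release line.
        return "fixed" if version >= FIXED[line] else "upgrade"
    if line > NEWEST_LINE:
        return "fixed"  # assumption: newer lines are covered by "8.5.2 or later"
    # Older line: the article lists no fixed release for it, so do not guess.
    return "check-advisory"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "wiki-a.example.internal": "8.3.3",
        "wiki-b.example.internal": "8.4.1",
        "wiki-c.example.internal": "8.5.1",
        "wiki-d.example.internal": "8.6.0",
        "wiki-e.example.internal": "7.19.0",
    }
    for host, status in triage_inventory(sample).items():
        print(f"{host}\t{sample[host]}\t{status}")
```

Hosts reported as `check-advisory` are on a release line this article does not cover and need to be checked against the vendor advisory directly.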

While the exact scale of the attacks is not clear, Atlassian said that it was made aware of the issue by "a handful of customers," meaning it had been exploited as a zero-day by the threat actor.

It's worth noting that Oro0lxy refers to a digital alias created by Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice (DoJ) in July 2020 of infiltrating "hundreds of companies" in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna.


Xiaoyu is alleged to have been assigned to the Guangdong regional division of the Ministry of State Security (MSS).

"The defendants in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies," the DoJ said. "The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks."

Organizations relying on Confluence applications are highly recommended to upgrade to the latest versions to mitigate any potential threats, and also isolate them from the public internet until the fixes are in place.
