A critical security flaw in Atlassian Confluence is now being majorly exploited

News
By published

Hackers are using vulnerability to deploy ransomware

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

The abuse of a critical vulnerability recently discovered in Atlassian’s Confluence product is now “widespread”, according to multiple security researchers.

The vulnerability is tracked as CVE-2023-22518, an authentication bypass flaw affecting all versions of Confluence Data Center and Confluence Server. It carries a severity score of 9.1, and was initially thought to allow hackers to destroy sensitive data, but not steal it.

A week after Atlassian sounded the alarm, Glenn Thorpe, senior director of security research and detection engineering at security firm GreyNoise, said that he’d observed hackers going after Ukrainian targets. This past Sunday, three different IP addresses were executing malicious commands on target endpoints. The attacks, he added, have since stopped. 

C3RB3R and others

The DFIR Report, on the other hand, warned that a group under the name C3RB3R was using the flaw to somehow deliver ransomware to the targets. In other cases, hackers were using the vulnerability for lateral movement. 

“As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment,” the company said.“We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server.”

“In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.]11 and/or 193.176.179[.]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server.”

Atlassian addressed the vulnerability and patched Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

Users are advised to apply the fix immediately. If, for any reason, they can’t do that, they should deploy mitigation measures, including backing up unpatched instances and blocking Internet access until they're upgraded.

"Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," the company said.

Via ArsTechnica

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Image depicting a hand on a scanner
Hackers are targeting unpatched ServiceNow instances that exploit 3 separate year-old vulnerabilities
Avast cybersecurity
Hackers are hijacking government software to access sensitive servers
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
The best free firewall
Palo Alto warns another major firewall hack has been detected
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
More about security
Google Chrome

Google Chrome security flaw could have let hackers spy on all your online habits
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Broadcom warns of worrying security flaws affecting VMware tools
Assorted Apple and Asus laptops on orange background with big savings text overlay

These are the 16 laptop deals I'd recommend to anybody in the spring sales – including MacBooks and gaming laptops
See more latest
Most Popular
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Quick move in Civ 7.
Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one