Threat actors have been taking advantage of a critical remote code execution (RCE) Atlassian bug that was uncovered in January. The bug, known as CVE-2023-22527 in the Confluence Data Center and Confluence Server, is now being exploited in cryptojacking attacks that are draining network resources. This bug affects enterprise-level deployments of Atlassian Confluence, a platform used for collaboration and documentation by teams and organizations.
Initially, the bug received a perfect 10 out of 10 score on the Common Vulnerability Scoring System (CVSS), indicating its high potential for exploitation in various attacks, from ransomware to cyber espionage. However, researchers recently discovered that threat actors are now using this bug for cryptojacking activities. This revelation came eight months after the bug was discovered and patched by Atlassian, according to a blog post by Trend Micro published on Aug. 28.
Trend Micro found that threat actors are deploying shell scripts and XMRig miners to exploit the bug, targeting SSH endpoints, eliminating competing cryptomining processes, and establishing persistence through cron jobs. In addition to these methods, thousands of other attempts to exploit the vulnerability have been detected by Trend Micro in recent months.
The attackers have been employing different tactics to achieve their goals. They managed to infiltrate systems by leveraging the CVE-2023-22527 bug, enabling them to execute commands and initiate cryptomining activities. By using various attack vectors, the threat actors have been successful in hijacking system resources and maintaining control over compromised environments.
To counter these attacks, organizations are advised to promptly patch their systems and apply security updates. Additionally, implementing network segmentation, conducting regular security audits, and having a robust incident response plan are crucial steps to prevent and mitigate such vulnerabilities from being exploited. By staying vigilant and proactive in cybersecurity measures, businesses can protect themselves against emerging threats and safeguard their sensitive data and resources.