Here’s an example of an actively exploited vulnerability which is now used by ransomware operators: CVE-2022-26134. This is indeed the critical Atlassian unauthenticated remote code execution vulnerability in its Confluence Server and Data Center.
The vulnerability ensures initial access to corporate networks and enables unauthenticated threat actors to take over unpatched servers remotely. This is done by creating new administrative accounts and subsequently executing arbitrary code.
Who’s Exploiting CVE-2022-26134?
First of all, it should be mentioned that proof-of-concept codes emerged online shortly after Atlassian released a patch. PoC exploits generally make exploitation even easier, and a number of botnet operators initiated numerous cryptomining attacks based on the vulnerability. Now, it seems that ransomware operators are launching attacks, too.
Prodaft researchers discovered that affiliates of the AvosLocker ransomware-as-a-service group are exploiting the flaw. Attackers are targeting unpatched, Internet-exposed Confluence servers infecting numerous victims on a mass scale automatically.
Another ransomware group using the exploit is Cerber2021 ransomware. Overall, the emergence of PoC exploits corresponds to the increase of successful Cerber ransomware attacks, according to Microsoft and other cybersecurity researchers.
What Is Atlassian Confluence?
Atlassian Confluence is a collaboration platform written primarily in Java and running on a bundled Apache Tomcat application server. The platform helps users create content using spaces, pages, and blogs that other users can comment on and edit.
To avoid any attacks, it is strongly recommended to upgrade to a fixed Confluence version. If patching is not immediately possible for some reason, a workaround is also available.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: