
Ransomware Groups Exploit CVE-2023-22518, CVE-2023-22515

Multiple ransomware groups are actively exploiting recently disclosed vulnerabilities in Atlassian Confluence and Apache ActiveMQ, according to cybersecurity firm Rapid7.

CVE-2023-22518, CVE-2023-22515

The observed exploitation of CVE-2023-22518 and CVE-2023-22515 in various customer environments has resulted in the deployment of Cerber ransomware, also known as C3RB3R. Both vulnerabilities, deemed critical, enable threat actors to create unauthorized Confluence administrator accounts, posing severe risks of data loss.


Atlassian, responding to the escalating threat, updated its advisory on November 6, acknowledging “active exploits and reports of threat actors using ransomware.” The severity of the flaw has been revised from 9.8 to the maximum score of 10.0 on the CVSS scale. The Australian company attributes the escalation to a shift in the attack’s scope.

The attack chains involve widespread exploitation of vulnerable Atlassian Confluence servers that are accessible from the internet. After exploitation, a malicious payload is retrieved from a remote server, and the ransomware payload is then executed on the compromised server. Notably, GreyNoise’s data reveals that exploitation attempts originate from IP addresses in France, Hong Kong, and Russia.




CVE-2023-46604

Simultaneously, Arctic Wolf Labs has disclosed an actively exploited severe remote code execution flaw (CVE-2023-46604, CVSS score: 10.0) impacting Apache ActiveMQ. This vulnerability is being weaponized to deliver a Go-based remote access trojan named SparkRAT, along with a ransomware variant resembling TellYouThePass. The cybersecurity firm emphasizes the urgent need for rapid remediation to thwart exploitation attempts from various threat actors with distinct objectives.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
