Home > Cyber News > Ransomware Groups Exploit CVE-2023-22518, CVE-2023-22515
CYBER NEWS

Ransomware Groups Exploit CVE-2023-22518, CVE-2023-22515

by   |  Last Update:  |  0 Comments  

Multiple ransomware collectives are actively capitalizing on recently unveiled vulnerabilities in Atlassian Confluence and Apache ActiveMQ, according to cybersecurity firm Rapid7.

CVE-2023-22518, CVE-2023-22515

The observed exploitation of CVE-2023-22518 and CVE-2023-22515 in various customer environments has resulted in the deployment of Cerber ransomware, also known as C3RB3R. Both vulnerabilities, deemed critical, enable threat actors to create unauthorized Confluence administrator accounts, posing severe risks of data loss.

Ransomware Groups Exploit CVE-2023-22518, CVE-2023-22515

Atlassian, responding to the escalating threat, updated its advisory on November 6, acknowledging “active exploits and reports of threat actors using ransomware.” The severity of the flaw has been revised from 9.8 to the maximum score of 10.0 on the CVSS scale. The Australian company attributes the escalation to a shift in the attack’s scope.

The attack chains involve widespread exploitation of vulnerable Atlassian Confluence servers accessible on the internet. This leads to the retrieval of a malicious payload from a remote server, subsequently executing the ransomware payload on the compromised server. Notably, GreyNoise’s data reveals that exploitation attempts originate from IP addresses in France, Hong Kong, and Russia.




CVE-2023-46604

Simultaneously, Arctic Wolf Labs has disclosed an actively exploited severe remote code execution flaw (CVE-2023-46604, CVSS score: 10.0) impacting Apache ActiveMQ. This vulnerability is being weaponized to deliver a Go-based remote access trojan named SparkRAT, along with a ransomware variant resembling TellYouThePass. The cybersecurity firm emphasizes the urgent need for rapid remediation to thwart exploitation attempts from various threat actors with distinct objectives.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2023-22518: New Critical Atlassian Flaw Atlassian, the Australian software company, has issued a warning regarding...
  2. Ransomware Groups Actively Exploiting Confluence Bug (CVE-2022-26134) Here’s an example of an actively exploited vulnerability which is...
  3. CVE-2021-26084: Critical Atlassian Confluence Flaw Exploited in the Wild CVE-2021-26084 is a vulnerability in Atlassian Confluence deployments across Windows...
  4. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  5. CVE-2022-26134: Critical RCE Vulnerability in Confluence Server and Data Center CVE-2022-26134 is a new critical unauthenticated remote code execution vulnerability...
  6. The Most Exploited Vulnerabilities in 2021 Include CVE-2021-44228, CVE-2021-26084 Which were the most routinely exploited security vulnerabilities in 2021?...
  7. The Most Secure Smartwatches List This is a comprehensive Top 10 list that summarizes the...
  8. CVE-2020-36239: Critical Atlassian Vulnerability Should Be Patched Immediately A critical flaw in the Atlassian platform, in multiple versions...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree