Microsoft has attributed the exploitation of a recently disclosed critical vulnerability in Atlassian Confluence Data Center and Server to a nation-state actor tracked as Storm-0062, also known as DarkShadow or Oro0lxy.
Microsoft’s threat intelligence team has reported instances of this vulnerability being exploited in the wild since September 14, 2023.
More About the Vulnerability
The identified vulnerability, CVE-2023-22515, is a critical privilege escalation flaw found in Atlassian Confluence Data Center and Server.
In simple terms, it permits any device with network access to a vulnerable application to create an administrator account within that application.
Rated with a severity score of 10.0 on the Common Vulnerability Scoring System (CVSS), CVE-2023-22515 allows remote attackers to create unauthorized Confluence administrator accounts and thereby gain access to Confluence servers.
What’s the solution?
To counter this threat, the flaw has been fixed in the following versions of the software:
- Version 8.3.3 or later
- Version 8.4.3 or later
- Version 8.5.2 (Long-Term Support release) or later
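The fixed versions above are branch-specific, so "8.5.1 is lower than 8.4.3" is not the right comparison. The following triage script is an added example written for this article, not Atlassian's code or tooling: it parses a version string, compares it against the fixed release on its own 8.x branch, treats any newer branch as carrying the fix, and flags branches older than 8.3 (which the list above does not cover) for manual review against Atlassian's advisory. The host inventory is constructed sample data.

```python
# Added example (not Atlassian's code): triage Confluence Data Center/Server
# versions against the fixed releases listed for CVE-2023-22515.
import re
from typing import Dict, Optional, Tuple

# Fixed releases from the advisory, one per affected 8.x branch.
FIXED_VERSIONS: Tuple[Tuple[int, int, int], ...] = ((8, 3, 3), (8, 4, 3), (8, 5, 2))


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn '8.5.1' into (8, 5, 1); a missing patch level counts as 0.
    Returns None for anything that is not a dotted numeric version."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version: str) -> str:
    """Classify one version string.

    'fixed'      : at or above the fixed release on its branch, or on a branch
                   newer than the newest fixed branch (8.6 and later).
    'vulnerable' : on a fixed branch (8.3/8.4/8.5) but below the fixed release.
    'review'     : on an older branch the fix list does not mention; check the
                   vendor advisory for the affected range (assumption: do not
                   silently treat it as safe).
    'unknown'    : unparseable version string.
    """
    v = parse_version(version)
    if v is None:
        return "unknown"
    for fixed in FIXED_VERSIONS:
        if v[:2] == fixed[:2]:          # same major.minor branch
            return "fixed" if v >= fixed else "vulnerable"
    newest_branch = max(FIXED_VERSIONS)[:2]
    return "fixed" if v[:2] > newest_branch else "review"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a dict of hostname -> reported version."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "wiki-prod-01": "8.5.1",
    "wiki-prod-02": "8.5.2",
    "wiki-staging": "8.4.2",
    "wiki-legacy": "7.19.4",
    "wiki-new": "8.6.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15s} {SAMPLE_INVENTORY[host]:8s} {status}")
```

Run it against a real inventory by replacing SAMPLE_INVENTORY with the versions each instance reports; anything that comes back as "vulnerable" should be upgraded, and "review" hosts need the advisory's affected-version range rather than this list.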
Though the extent of these attacks remains uncertain, Atlassian became aware of the issue through reports from a limited number of customers, indicating that the threat actor exploited the vulnerability as a zero-day.
Who are these threat actors?
Notably, Oro0lxy is an online alias attributed to Li Xiaoyu, a Chinese hacker indicted by the U.S. Department of Justice in July 2020.
The charges involved infiltrating numerous companies in the United States, Hong Kong, and China, including Moderna, a developer engaged in coronavirus vaccine research.
Li Xiaoyu was reportedly affiliated with the Guangdong regional division of the Ministry of State Security (MSS). The Department of Justice asserted that these hackers were involved in activities for personal financial gain and acted in the interests of the MSS and other Chinese government entities.
“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” said FBI Deputy Director David Bowdich.
They managed to steal vast quantities of data, posing a significant and persistent threat to U.S. networks.
For organizations relying on Confluence applications, it is important to promptly update to the latest versions to mitigate potential risks.
Additionally, isolating these applications from the public internet is prudent until the necessary security fixes are in place.
Change Your Perspective!
Contemporary cyber threats are sophisticated. There is a need to be proactive, have vulnerability management in place, have advanced threat protection tools, and have an efficient cybersecurity strategy to stay secure.
Remember, state-sponsored attacks destroy nations.