State-backed Hackers Are Exploiting New 'Critical' Atlassian Zero-Day Bug

Microsoft says Chinese state-backed hackers are exploiting a "critical"-rated zero-day vulnerability in Atlassian software to break into customer systems. From a report: The technology giant's threat intelligence team said in a post on X, formerly Twitter, that it has observed a nation-state threat actor it calls Storm-0062 exploiting a recently disclosed critical flaw in Atlassian Confluence Data Center and Server. Microsoft has previously identified Storm-0062 as a China-based state-sponsored hacker.

Microsoft said it observed in-the-wild abuse of the maximum rated 10.0 vulnerability, tracked as CVE-2023-22515, since September 14, some three weeks before Atlassian's public disclosure on October 4. A bug is considered a zero-day when the vendor -- in this case Atlassian -- has zero time to fix the bug before it is exploited. Atlassian updated its advisory this week to confirm it has "evidence to suggest that a known nation-state actor" is exploiting the bug, which the company says could allow a remote attacker to create unauthorized administrator accounts to access Confluence servers. Atlassian's Confluence is a widely popular collaborative wiki system used by corporations around the world to organize and share work.

Just migrated

[necro81]

My organization just underwent a migration from locally-hosted (on-premises) Confluence Server to hosting on the Atlassian cloud. We didn't want to, but Atlassian strong-armed it as "your local license isn't getting renewed, so you can either migrate or be shit outta luck". TFA indicates that this affects locally-hosted Confluence Server instances. So maybe we dodged a bullet? (I don't know the details: I'm just a user, not involved in administering these tools.)

Re:

[Anonymous Coward]

... So maybe we dodged a bullet? (I don't know the details: I'm just a user, not involved in administering these tools.)

unless Atlassian Cloud uses that software in the back end...

Re: Just migrated

[Midnight_Falcon]

Unless your company's Confluence instance was exposed to the public Internet, probably not doding a bullet. That would require exploit chaining and pre existing access to get to the confluence server such as a zero trust gateway or old fashioned VPN. If a state actor was already in the network some individual vulnerability is probably not going to be the only thing that allows them to expand their access, there's plenty of ways from there.

Confluence alternatives?

[awwshit]

Are there any decent Confluence alternatives? FOSS preferred.

I run an Confluence internally. Atlassian is forcing everyone to go with the cloud offering unless you pay $25000 a year or more. Confluence is pricing itself out of the market, you are really doing something wrong when you make Oracle look cheap.

Re:Confluence alternatives?

[jwhitener]

The software that runs Wikipedia is open source. https://www.mediawiki.org/wiki/Download
Or another alternative that claims to be able to migrate confluence data is https://bluespice.com/buy/prices/configure-your-price/ , but it isn't that much cheaper.

We are going to move from the server version to the data center version. It is a little more expensive, but we can keep the installation onsite.

Re:

[awwshit]

Bluespice looks much cheaper than Confluence. Thanks for the tip.

Re:

[_merlin]

There used to be a free version of BlueSpice with no support. Is that no longer offered? It's basically just a bunch of MediaWiki plugins.

Re:

[Big Jason]

Don't know what you consider a viable alternative but I like https://www.dokuwiki.org/dokuw... [dokuwiki.org] and https://www.bookstackapp.com/ [bookstackapp.com].

Re:

[MikeDataLink]

Don't know what you consider a viable alternative but I like https://www.dokuwiki.org/dokuw... [dokuwiki.org] and https://www.bookstackapp.com/ [bookstackapp.com].

I just put in BookStack for our small business.. It's decent enough.

Re: Confluence alternatives?

[dknj]

Itâ(TM)s very very far from confluence tho

Re:Confluence alternatives?

[Shakrai]

you are really doing something wrong when you make Oracle look cheap

Heh, there was a meme that went around the block a few years ago, image of a ransomware screen, with text, "Greetings! Instead of encrypting your files, we have installed hundreds of hidden copies of Oracle all over your environment. Pay us 10 BTC and we will remove them. If you do not pay, we will report you to Oracle for running unlicensed software."

Re:

[lexios]

Perhaps XWiki https://www.xwiki.org/ [xwiki.org] is of interest to you? It doesn't look like there's an easy import option from Confluence yet though.

Re:

[coofercat]

Nuclino is pretty decent and not too expensive: https://www.nuclino.com/ [nuclino.com] - works well for the "normals", and is good enough for more power users too. Not sure about integrations with other tools though.

I haven't been able to use it "in anger" as the world and his wife seems to be wedded to Jira/Confluence. I can see the attraction, but there are other ways to do half-decent ticketing (at least for 'simple' shops - enterprises with a zillion crazy customisations will have to stick with Jira). Confluence was

Solution

[backslashdot]

Create a story to that contains a task to delete the entire Atlassian epic.

Re:

[awwshit]

100%

Chinese state-backed?

[dwater]

How do they know this?