Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

State-backed Hackers Are Exploiting New 'Critical' Atlassian Zero-Day Bug (techcrunch.com) 18

Microsoft says Chinese state-backed hackers are exploiting a "critical"-rated zero-day vulnerability in Atlassian software to break into customer systems. From a report: The technology giant's threat intelligence team said in a post on X, formerly Twitter, that it has observed a nation-state threat actor it calls Storm-0062 exploiting a recently disclosed critical flaw in Atlassian Confluence Data Center and Server. Microsoft has previously identified Storm-0062 as a China-based state-sponsored hacker.

Microsoft said it observed in-the-wild abuse of the maximum rated 10.0 vulnerability, tracked as CVE-2023-22515, since September 14, some three weeks before Atlassian's public disclosure on October 4. A bug is considered a zero-day when the vendor -- in this case Atlassian -- has zero time to fix the bug before it is exploited. Atlassian updated its advisory this week to confirm it has "evidence to suggest that a known nation-state actor" is exploiting the bug, which the company says could allow a remote attacker to create unauthorized administrator accounts to access Confluence servers. Atlassian's Confluence is a widely popular collaborative wiki system used by corporations around the world to organize and share work.

This discussion has been archived. No new comments can be posted.

State-backed Hackers Are Exploiting New 'Critical' Atlassian Zero-Day Bug

Comments Filter:
  • My organization just underwent a migration from locally-hosted (on-premises) Confluence Server to hosting on the Atlassian cloud. We didn't want to, but Atlassian strong-armed it as "your local license isn't getting renewed, so you can either migrate or be shit outta luck". TFA indicates that this affects locally-hosted Confluence Server instances. So maybe we dodged a bullet? (I don't know the details: I'm just a user, not involved in administering these tools.)
    • by Anonymous Coward

      ... So maybe we dodged a bullet? (I don't know the details: I'm just a user, not involved in administering these tools.)

      unless Atlassian Cloud uses that software in the back end...

    • Unless your company's Confluence instance was exposed to the public Internet, probably not doding a bullet. That would require exploit chaining and pre existing access to get to the confluence server such as a zero trust gateway or old fashioned VPN. If a state actor was already in the network some individual vulnerability is probably not going to be the only thing that allows them to expand their access, there's plenty of ways from there.
  • by awwshit ( 6214476 ) on Wednesday October 11, 2023 @04:12PM (#63919369)

    Are there any decent Confluence alternatives? FOSS preferred.

    I run an Confluence internally. Atlassian is forcing everyone to go with the cloud offering unless you pay $25000 a year or more. Confluence is pricing itself out of the market, you are really doing something wrong when you make Oracle look cheap.

  • Create a story to that contains a task to delete the entire Atlassian epic.

  • How do they know this?

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...