Microsoft has revealed that Chinese state-backed hackers are actively exploiting a “critical”-rated zero-day vulnerability in Atlassian software. The vulnerability affects Atlassian Confluence Data Center and Server, a widely used collaborative wiki system. Microsoft’s threat intelligence team, in a recent post on X (formerly Twitter), stated that it has observed a nation-state threat actor known as Storm-0062 exploiting the flaw. This actor has been previously identified by Microsoft as a China-based state-sponsored hacker.
Key Takeaway
Microsoft has detected Chinese state-sponsored hackers exploiting a critical zero-day vulnerability in Atlassian software. The vulnerability allows unauthorized access to Confluence servers, potentially compromising sensitive information. Atlassian has released a patch and is urging all users to upgrade their systems to protect against this exploit.
Details of the Attack
Microsoft has observed the exploitation of the vulnerability, tracked as CVE-2023-22515, in the wild since September 14, well before Atlassian’s public disclosure on October 4. The exploitation of a vulnerability before the vendor has a chance to fix it is referred to as a zero-day attack. The flaw allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers, potentially compromising sensitive information.
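One defender-side check that follows from the above: because the flaw was used to create unauthorized administrator accounts, compare the administrator accounts on a Confluence instance against the organization's provisioning baseline and flag any created on or after the earliest known in-the-wild exploitation date (September 14). The script below is an added example, not code from the article, Microsoft, or Atlassian; the user-export format, its field names, the sample records and the approved-admin baseline are all constructed for illustration, and the group name used for administrators is assumed.

```python
from datetime import date

# Constructed sample: a hypothetical export of Confluence user records.
# Field names ("username", "created", "groups") are assumptions for this
# example, not Atlassian's actual export schema.
SAMPLE_USERS = [
    {"username": "alice",      "created": "2023-06-02", "groups": ["confluence-users"]},
    {"username": "bob",        "created": "2023-08-21", "groups": ["confluence-administrators"]},
    {"username": "mallory",    "created": "2023-09-13", "groups": ["confluence-administrators"]},
    {"username": "svc-backup", "created": "2023-09-20", "groups": ["confluence-administrators"]},
    {"username": "carol",      "created": "2023-10-01", "groups": ["confluence-users"]},
]

# Constructed baseline: administrator accounts the organization knows it provisioned.
APPROVED_ADMINS = {"bob", "mallory"}

# Earliest known in-the-wild exploitation date from the report.
EXPLOITATION_START = date(2023, 9, 14)

# Group that grants administrator rights (assumed for this example).
ADMIN_GROUP = "confluence-administrators"


def suspicious_admins(users, approved, since=EXPLOITATION_START):
    """Return, sorted, the usernames that hold the admin group, were created on
    or after `since`, and are absent from the approved baseline.

    Accounts created before `since` are not flagged by default so that the
    output focuses on the exploitation window; pass an earlier `since` to
    audit the full admin population against the baseline.
    """
    flagged = []
    for user in users:
        created = date.fromisoformat(user["created"])
        is_admin = ADMIN_GROUP in user.get("groups", [])
        if is_admin and created >= since and user["username"] not in approved:
            flagged.append(user["username"])
    return sorted(flagged)


if __name__ == "__main__":
    for name in suspicious_admins(SAMPLE_USERS, APPROVED_ADMINS):
        print(f"review: admin account {name!r} created on/after "
              f"{EXPLOITATION_START} and not in the provisioning baseline")
```

Any name this prints warrants a look at when and by whom the account was created; an admin account that nobody provisioned, appearing during the exploitation window, is exactly the artifact the described attack leaves behind. Widening the baseline check to the whole admin population (an earlier `since`) is a cheap additional audit, since the exploitation began before the public disclosure.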
Atlassian’s Response
Atlassian has updated its advisory to confirm that it has evidence suggesting that a known nation-state actor is behind the exploitation of the bug. However, the company has not specifically linked the attack to China. Atlassian is working closely with Microsoft on addressing the issue and has released a patch for the vulnerability. The company is urging all users to upgrade their systems as soon as possible.
Investigation and Impact
Atlassian says it has received reports of exploitation from a handful of customers, but the scale of customer compromise is still unknown. The company has not disclosed whether any data theft has occurred as a result of the vulnerability. Atlassian is actively investigating the situation and is encouraging customers to share evidence of compromise to assist in its efforts to resolve the issue.