Newsnews
AI Developments News

New Critical Atlassian Zero-Day Exploited By State-Backed Hackers, Microsoft Says

Written by: Malanie Walls | Published: 12 October 2023 | Modified: 1 December 2023
new-critical-atlassian-zero-day-exploited-by-state-backed-hackers-microsoft-says
AI Developments

Microsoft has revealed that Chinese state-backed hackers are actively exploiting a “critical”-rated zero-day vulnerability in Atlassian software. The vulnerability affects Atlassian Confluence Data Center and Server, a widely used collaborative wiki system. Microsoft’s threat intelligence team, in a recent post on X (formerly Twitter), stated that it has observed a nation-state threat actor known as Storm-0062 exploiting the flaw. This actor has been previously identified by Microsoft as a China-based state-sponsored hacker.

Key Takeaway

Microsoft has detected Chinese state-sponsored hackers exploiting a critical zero-day vulnerability in Atlassian software. The vulnerability allows unauthorized access to Confluence servers, potentially compromising sensitive information. Atlassian has released a patch and is urging all users to upgrade their systems to protect against this exploit.

Details of the Attack

Microsoft has observed the exploitation of the vulnerability, tracked as CVE-2023-22515, in the wild since September 14, well before Atlassian’s public disclosure on October 4. The exploitation of a vulnerability before the vendor has a chance to fix it is referred to as a zero-day attack. The flaw allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers, potentially compromising sensitive information.

Atlassian’s Response

Atlassian has updated its advisory to confirm that it has evidence suggesting that a known nation-state actor is behind the exploitation of the bug. However, the company has not specifically linked the attack to China. Atlassian is working closely with Microsoft on addressing the issue and has released a patch for the vulnerability. The company is urging all users to upgrade their systems as soon as possible.

Investigation and Impact

Atlassian has reported receiving reports of exploitation from a handful of customers, but the scale of customer compromise is still unknown. The company has not disclosed whether any data theft has occurred as a result of the vulnerability. Atlassian is actively investigating the situation and is encouraging customers to share evidence of compromise to assist in their efforts to resolve the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Related Posts

Is Windows Defender Good Enough to Protect Your PC?
TECHNOLOGY

Is Windows Defender Good Enough to Protect Your PC?

by Idell Rood | 20 December 2020
Zero Day Vulnerability: What is It and How Does It Work?
TECHNOLOGY

Zero Day Vulnerability: What is It and How Does It Work?

by Caterina Nicolas | 29 December 2020
State-backed Hackers Exploiting New Ivanti VPN Zero-days
News

State-backed Hackers Exploiting New Ivanti VPN Zero-days

by Dominica Malinowski | 17 January 2024
The Year Of Data Breaches: A Recap Of The Biggest Incidents Of 2023
News

The Year Of Data Breaches: A Recap Of The Biggest Incidents Of 2023

by Rubie Mayhew | 27 December 2023
U.S. Orders Federal Agencies To Disconnect Flawed Ivanti VPN Tech Within 48 Hours
News

U.S. Orders Federal Agencies To Disconnect Flawed Ivanti VPN Tech Within 48 Hours

by Linnet Chan | 2 February 2024
State-backed Hackers Are Exploiting New Ivanti VPN Zero-days — But No Patches Yet
News

State-backed Hackers Are Exploiting New Ivanti VPN Zero-days — But No Patches Yet

by Charita Grinnell | 1 February 2024
Cisco Devices Compromised In Large-scale Zero-Day Exploitation
News

Cisco Devices Compromised In Large-scale Zero-Day Exploitation

by Tamiko Lattimore | 20 October 2023
State-backed Hackers Exploiting New Ivanti VPN Zero-day Vulnerabilities
News

State-backed Hackers Exploiting New Ivanti VPN Zero-day Vulnerabilities

by Devora Gorski | 12 January 2024

Recent Stories

Learn To Convert Scanned Documents Into Editable Text With OCR
Software Tutorials

Learn To Convert Scanned Documents Into Editable Text With OCR

by Malanie Walls | 26 April 2024
Top Mini Split Air Conditioner For Summer
Buyer's Guides

Top Mini Split Air Conditioner For Summer

by Malanie Walls | 26 April 2024
Comfortable and Luxurious Family Life | Zero Gravity Massage Chair
Buyer's Guides

Comfortable and Luxurious Family Life | Zero Gravity Massage Chair

by Malanie Walls | 26 April 2024
Fintechs and Traditional Banks: Navigating the Future of Financial Services
General Fintech

Fintechs and Traditional Banks: Navigating the Future of Financial Services

by Malanie Walls | 18 April 2024
AI Writing: How It’s Changing the Way We Create Content
AI

AI Writing: How It’s Changing the Way We Create Content

by Malanie Walls | 3 April 2024
How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators
Digital Media & Creative Tech

How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators

by Malanie Walls | 28 March 2024
How to Know When it’s the Right Time to Buy Bitcoin
Cryptocurrency

How to Know When it’s the Right Time to Buy Bitcoin

by Malanie Walls | 28 March 2024
Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!
Education

Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!

by Malanie Walls | 23 March 2024