Security News > 2022 > June > Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks.
Ransomware starts circling unpatched Confluence servers.
BleepingComputer has also been told by numerous victims that Cerber2021 ransomware is actively targeting and encrypting Confluence instances unpatched against CVE-2022-26134.
ID-Ransomware creator Michael Gillespie told BleepingComputer that submissions identified as CerberImposter include encrypted Confluence configuration files, showing that Confluence instances are getting encrypted in the wild.
Microsoft also confirmed Friday night that they have seen Confluence servers exploited to install Cerber2021.
If you can't immediately upgrade your Confluence Server and Data Center instances, you can apply a temporary workaround that requires updating some JAR files on the Confluence server, as described here.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |