Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
2022-06-11 14:31

Ransomware gangs are now targeting a recently patched and actively exploited remote code execution vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks.

Ransomware starts circling unpatched Confluence servers.

BleepingComputer has also been told by numerous victims that Cerber2021 ransomware is actively targeting and encrypting Confluence instances unpatched against CVE-2022-26134.

ID-Ransomware creator Michael Gillespie told BleepingComputer that submissions identified as CerberImposter include encrypted Confluence configuration files, showing that Confluence instances are getting encrypted in the wild.

Microsoft also confirmed Friday night that they have seen Confluence servers exploited to install Cerber2021.

If you can't immediately upgrade your Confluence Server and Data Center instances, you can apply a temporary workaround that requires updating some JAR files on the Confluence server, as described here.


News URL

https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/

Related Vulnerability

Date: 2022-06-03
CVE: CVE-2022-26134
Vulnerability title: Expression Language Injection vulnerability in Atlassian Confluence Data Center
Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
Attack vector: network
Attack complexity: low
Vendor: atlassian
CWE: CWE-917
Risk: critical (9.8)