Security News > 2023 > October > Microsoft: State hackers exploiting Confluence zero-day since September

Microsoft: State hackers exploiting Confluence zero-day since September
2023-10-11 14:29

Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.

Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062's involvement in CVE-2023-22515's exploitation and posted four offending IP addresses on a thread on Twitter.

Storm-0062 is a state hacking group linked to China's Ministry of State Security and known for targeting software, engineering, medical research, government, defense, and tech firms in the U.S., U.K., Australia, and various European countries to collect intelligence.

A week has passed since Atlassian rolled out security updates for the affected products, so users have had ample time to respond to the situation before the PoC exploit's public release.

Atlassian patches critical Confluence zero-day exploited in attacks.

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-state-hackers-exploiting-confluence-zero-day-since-september/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-22515 Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
network
low complexity
atlassian
critical
9.8