Security News > 2023 > October > Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062's involvement in CVE-2023-22515's exploitation and posted four offending IP addresses on a thread on Twitter.
Storm-0062 is a state hacking group linked to China's Ministry of State Security and known for targeting software, engineering, medical research, government, defense, and tech firms in the U.S., U.K., Australia, and various European countries to collect intelligence.
A week has passed since Atlassian rolled out security updates for the affected products, so users have had ample time to respond to the situation before the PoC exploit's public release.
Atlassian patches critical Confluence zero-day exploited in attacks.
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers.
News URL
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-22515 | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |