Security News > 2023 > October > Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062's involvement in CVE-2023-22515's exploitation and posted four offending IP addresses on a thread on Twitter.
Storm-0062 is a state hacking group linked to China's Ministry of State Security and known for targeting software, engineering, medical research, government, defense, and tech firms in the U.S., U.K., Australia, and various European countries to collect intelligence.
A week has passed since Atlassian rolled out security updates for the affected products, so users have had ample time to respond to the situation before the PoC exploit's public release.
Atlassian patches critical Confluence zero-day exploited in attacks.
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers.
News URL
Related news
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-22515 | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |