Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
2023-11-07 07:14

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber ransomware.

Both vulnerabilities are critical: they allow threat actors to create unauthorized Confluence administrator accounts and can cause data loss.

Atlassian, on November 6, updated its advisory to note that it observed "Several active exploits and reports of threat actors using ransomware" and that it is revising the CVSS score of the flaw from 9.8 to 10.0, indicating maximum severity.

Attack chains involve mass exploitation of vulnerable internet-facing Atlassian Confluence servers to fetch a malicious payload hosted on a remote server, leading to the execution of the ransomware payload on the compromised server.

Arctic Wolf Labs has disclosed that a severe remote code execution flaw impacting Apache ActiveMQ is being weaponized to deliver a Go-based remote access trojan called SparkRAT as well as a ransomware variant that shares similarities with TellYouThePass.

"Evidence of exploitation of CVE-2023-46604 in the wild from an assortment of threat actors with differing objectives demonstrates the need for rapid remediation of this vulnerability," the cybersecurity firm said.

News URL

https://thehackernews.com/2023/11/experts-warn-of-ransomware-hackers.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                      RISK
2023-10-31  CVE-2023-22518  Incorrect Authorization vulnerability in Atlassian Confluence Data Center                critical (CVSS 9.8)
            All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.
            Attack vector: network; complexity: low; vendor: atlassian; CWE-863

2023-10-27  CVE-2023-46604  Deserialization of Untrusted Data vulnerability in multiple products                     critical (CVSS 9.8)
            The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
            Attack vector: network; complexity: low; vendors: apache, debian, netapp; CWE-502

2023-10-04  CVE-2023-22515  Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server      critical (CVSS 9.8)
            Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
            Attack vector: network; complexity: low; vendor: atlassian

Related vendor

VENDOR     LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Apache     281       13          544  711     366   1634
Atlassian  58        3           259  104     46    412