Security News > 2023 > November > Novel backdoor persists even after critical Confluence vulnerability is patched

Novel backdoor persists even after critical Confluence vulnerability is patched
2023-11-14 11:00

A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.

The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied.

Experts at Aon's incident response provider Stroz Friedberg said the backdoor is a novel piece of malware called Effluence.

"The malware is difficult to detect and organizations with Confluence servers are advised to investigate thoroughly, even if a patch was applied," according to the advisory.

In these cases, web shells can only be accessed if the attacker is able to log into Confluence or via an attacker-controlled webpage.

Defenders may find evidence of use when reviewing static confluence pages, monitoring the response size in relation to the organization's baseline range.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/14/novel_backdoor_persists_confluence/

Related news