Chinese government-linked hackers exploit a significant Atlassian software vulnerability, raising concerns.
Microsoft recently disclosed that hackers linked to China have been actively exploiting a newly discovered vulnerability affecting Atlassian software. The vulnerability, identified as CVE-2023-22515, impacts Atlassian’s Confluence Data Center and Server product and has been exploited by threat actors since September 14.
On October 4, Atlassian issued an advisory along with a patch to address this critical security issue. They also confirmed evidence of a known nation-state actor exploiting the vulnerability, underscoring its severity.
Microsoft urges immediate action, stressing that on any vulnerable instance an attacker can use CVE-2023-22515 to create a Confluence admin account. It recommends upgrading the software and isolating affected servers from the network.
Microsoft assigns the temporary name “Storm-0062” to the hackers, who are also known as DarkShadow or Oro0lxy. While Microsoft does not explicitly mention China, Oro0lxy was linked to China’s Ministry of State Security in a 2020 indictment.
The Microsoft disclosure doesn’t definitively attribute the attack or confirm whether Xiaoyu acted alone.
In 2020, Xiaoyu and a collaborator ran a decade-long campaign targeting various countries, attempting cryptocurrency extortion, and exploiting newly disclosed software vulnerabilities. Their tactics often focused on publicly known software vulnerabilities.
Tom Kellermann, a former Obama administration cybersecurity official, highlights China’s extensive cyber espionage network, which prioritizes acquiring zero-day vulnerabilities. Atlassian vulnerabilities have been previously exploited, demanding increased vigilance against such threats.