A joint Cybersecurity Advisory from the Cybersecurity and Infrastructure Security Agency, FBI and Multi-State Information Sharing and Analysis Center reveals that malicious threat actors exploit certain versions of Atlassian Confluence Data Center and Server for initial access to networks.
CISA said Monday the exploitation of Atlassian Confluence vulnerability CVE-2023-22515 enabled attackers to access victim systems and was done through the creation and use of unauthorized Confluence administrator accounts.
In anticipation of widespread and continued exploitation, CISA, FBI and MS-ISAC are pressing network administrators for quick application of Atlassian-provided upgrades. Organizations are also urged to scan for malicious network activities and to implement incident response recommendations if a possible compromise is flagged.
The CSA has detection signatures and indicators of compromise that organizations could use to identify breaches.
“While Atlassian’s advisory provides interim measures to temporarily mitigate known attack vectors, CISA, FBI, and MS-ISAC strongly encourage upgrading to a fixed version or taking servers offline to apply necessary updates,” the release reads.
