Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-text-to-speech domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-bookmark-follow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the soledad domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-paywall domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the penci-frontend-submission domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/revifuxl/hacksbyte.com/wp-includes/functions.php on line 6114
Microsoft warns of nation-state hackers exploiting critical Atlassian Confluence vulnerability – HacksByte

Microsoft warns of nation-state hackers exploiting critical Atlassian Confluence vulnerability

Microsoft has linked the exploit of a recently discovered critical flaw in Atlassian Confluence data centers and servers to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).

The tech giant’s threat intelligence team said it has seen wild abuse of the vulnerability since September 14, 2023.

“CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence data centers and servers,” the company noted in a series of posts on  Twitter.

“Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application.”

CVE-2023-22515, rated 10.0 on the CVSS severity rating system, allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions –

  • 8.3.3 or later
  • 8.4.3 or later, and
  • 8.5.2 (Long Term Support release) or later

Although the exact scale of the attacks is unclear, Atlassian said it was made aware of the problem by “a handful of customers”, implying that the threat actor had used it as a zero-day.

It’s worth noting that Oro0lxy refers to a digital alias created by Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice (DoJ) in July 2020 of infiltrating “hundreds of companies” in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna.

Xiaoyu, alongside DONG Jiazhi, is said to be assigned to the Guangdong regional division of the Ministry of State Security (MSS).

“In some cases the defendants acted for their own personal financial gain and in others for the benefit of MSS or other Chinese government agencies,” the DOJ said. “Hackers stole terabytes of data containing a sophisticated and massive threat to US networks.”

Organizations that rely on Confluence applications are highly recommended to upgrade to the latest versions to mitigate any potential threats and isolate them from the public internet until resolved.

Related posts

Security expert turns out to be a scammer, used Apple’s bug to rob the company of $2.5 million

Chinese hackers exploited FortiGate Flaw to break the Dutch Military Network

Hackers are taking advantage of Ivanti VPN flaws to deploy KrustyLoader malware

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More