"Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability"

Microsoft has attributed the exploitation of a critical vulnerability in Atlassian Confluence Data Center and Server to the nation-state actor Storm-0062, also known as DarkShadow or Oro0lxy. Since September 14, 2023, the company's threat intelligence team has observed the vulnerability being exploited in the wild. According to Microsoft, any device with a network connection to a vulnerable application can exploit the vulnerability, tracked as CVE-2023-22515, to create a Confluence administrator account within the application. The vulnerability, with a severity rating of 10, enables remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. This article continues to discuss the exploitation of a critical flaw in Atlassian Confluence Data Center and Server by the nation-state actor Storm-0062.

THN reports "Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability"

Submitted by grigby1

Submitted by Gregory Rigby on