Article Details

Scrape Timestamp (UTC): 2023-10-11 04:17:55.372

Source: https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html

Original Article Text

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

"CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company noted in a series of posts on X (formerly Twitter). "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application."

CVE-2023-22515, rated 10.0 on the CVSS severity rating system, allows remote attackers to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions -

While the exact scale of the attacks is not clear, Atlassian said that it was made aware of the problem by "a handful of customers," meaning it had been exploited as a zero-day by the threat actor.

It's worth noting that Oro0lxy refers to a digital alias created by Li Xiaoyu, a Chinese hacker who was accused by the U.S. Department of Justice (DoJ) in July 2020 of infiltrating "hundreds of companies" in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna. Xiaoyu is said to have been assigned to the Guangdong regional division of the Ministry of State Security (MSS).

"The defendants in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies," the DoJ said. "The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks."
Organizations relying on Confluence applications are highly recommended to upgrade to the latest versions to mitigate any potential threats, and also isolate them from the public internet until the fixes are in place.

Daily Brief Summary

NATION STATE ACTIVITY // Microsoft Identifies Nation-State Actors Exploiting Atlassian Confluence Critical Vulnerability

Microsoft linked the exploitation of a critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062.

The vulnerability, tracked as CVE-2023-22515 and rated 10.0 on the CVSS severity scale, enables remote attackers to create unauthorized Confluence administrator accounts and access servers.

The company's threat intelligence team detected in-the-wild abuse of the vulnerability as of September 14, 2023, but the full extent of the attacks remains uncertain.

Oro0lxy, an alias linked to Storm-0062, is associated with Li Xiaoyu, a Chinese hacker previously accused by the U.S. Department of Justice (DoJ) of infiltrating hundreds of companies in the U.S., Hong Kong, and China, including COVID-19 vaccine research developer Moderna.

Xiaoyu, allegedly operating under the Guangdong regional division of China's MSS, faces accusations from the DoJ of data theft both for personal gain and in service of the Chinese government.

Organizations using Confluence applications are advised to upgrade to the latest versions and to isolate those instances from public internet access until the necessary security fixes are in place.
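Both the article and the brief describe the artifact this flaw leaves behind (an unexpected Confluence administrator account) and the observed start of exploitation (September 14, 2023). The script below is an added example, not code from The Hacker News, Microsoft or Atlassian: it runs a simple hunt over an exported list of Confluence user records and flags administrator accounts created during the exploitation window that are not on an approved baseline. The record layout (`username`, `groups`, `created`) and the sample users are constructed assumptions; `confluence-administrators` is the default Confluence admin group, but adapt the field names and group set to whatever your instance's export actually produces.

```python
"""Hunt for Confluence administrator accounts created during the known
CVE-2023-22515 exploitation window.

Added example (not from the article or any vendor). The user-record layout
below is an assumption; map it to your own export format.
"""
from datetime import datetime, timezone

# Earliest in-the-wild exploitation Microsoft reported (from the article).
EXPLOITATION_START = datetime(2023, 9, 14, tzinfo=timezone.utc)

# Default Confluence admin group; add any custom admin groups your instance uses.
ADMIN_GROUPS = {"confluence-administrators"}

# Constructed sample export. Field names are assumed, not Confluence's own schema.
SAMPLE_USERS = [
    {"username": "alice", "groups": ["confluence-administrators", "confluence-users"],
     "created": "2021-03-02T09:15:00Z"},
    {"username": "bob", "groups": ["confluence-users"],
     "created": "2023-09-20T11:00:00Z"},
    {"username": "svc-backup01", "groups": ["confluence-administrators"],
     "created": "2023-09-16T02:47:13Z"},
    {"username": "carol", "groups": ["confluence-administrators"],
     "created": "2023-09-10T08:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_admin(user):
    """True if the record belongs to at least one administrator group."""
    return bool(ADMIN_GROUPS & set(user["groups"]))


def suspicious_admins(users, since=EXPLOITATION_START, known_admins=frozenset()):
    """Return usernames of admin accounts created on or after `since` that are
    not in the approved baseline. An admin account nobody provisioned, dated
    inside the exploitation window, is the trace the article says this
    vulnerability leaves and should be reviewed and removed."""
    hits = []
    for user in users:
        if not is_admin(user):
            continue
        if user["username"] in known_admins:
            continue
        if parse_ts(user["created"]) >= since:
            hits.append(user["username"])
    return sorted(hits)


if __name__ == "__main__":
    # Approved baseline: admins your change records say were created on purpose.
    baseline = frozenset({"alice", "carol"})
    for name in suspicious_admins(SAMPLE_USERS, known_admins=baseline):
        print(f"REVIEW: unexpected admin account created in exploitation window: {name}")
```

In practice feed the function the full user list rather than a sample, and treat any hit as an incident indicator rather than a cleanup item: the account is the foothold, not the whole intrusion, so it belongs with the upgrade and the internet-isolation step the article recommends.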