
Cryptojacking facilitated by critical Atlassian Confluence exploit


Three threat operations have conducted cryptojacking campaigns by exploiting the maximum-severity template injection flaw in Atlassian Confluence Data Center and Confluence Server, tracked as CVE-2023-22527, reports Security Affairs.

The first threat actor abused the flaw to deploy the XMRig miner, while the second used a shell script to deliver the miner across a targeted environment's accessible endpoints, a Trend Micro analysis revealed. Further examination of the latter's intrusions showed that the script terminated known cryptomining processes, deleted cron jobs, and deactivated security services before downloading the XMRig miner and deleting logs. "With its continuous exploitation by threat actors, CVE-2023-22527 presents a significant security risk to organizations worldwide. To minimize the risks and threats associated with this vulnerability, administrators should update their versions of Confluence Data Center and Confluence Server to the latest available versions as soon as possible," said researchers.
