H-ISAC TLP White Threat US Cyber Command (USCYBERCOM) Issues Warning of Mass Exploitation

H-ISAC TLP White Threat Bulletin: US Cyber Command (USCYBERCOM) Issues Warning of Mass Exploitation Regarding Atlassian Confluence CVE-2021-26084

September 3, 2021

On September 3, 2021, USCYBERCOM issued an alert related to mass exploitation of an Atlassian Confluence Server and Data Center vulnerability, CVE-2021-26084. The threat is ongoing and expected to accelerate.

Atlassian Confluence is a popular web-based corporate team workspace designed to help employees collaborate on various projects. 

Successful exploitation of this vulnerability could allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Depending on the privileges associated with the instance, an attacker could view, change, or delete data. 

On August 25, 2021, Atlassian  on compromised Confluence servers. 

Even though these attackers are currently only deploying cryptocurrency miners, attacks can quickly escalate if the threat actors start moving laterally through corporate networks from compromised on-prem Confluence servers to drop ransomware payloads and exfiltrate data. 

 View the entire report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272