Atlassian Confluence zero-day attacks launched by Chinese APT group

Vulnerable Atlassian Confluence Data Center and Server instances have been targeted by Chinese state-backed threat operation Storm-0062, also known as DarkShadow and Oro0lxy, in ongoing attacks exploiting a zero-day flaw, tracked as CVE-2023-22515, since Sept. 14, or three weeks prior to the bug's disclosure, SecurityWeek reports. Exploits aimed at the privilege escalation bug have been sent from four IP addresses, according to a Microsoft report. "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application," said Microsoft, which urged immediate isolation of impacted Confluence apps, as well as prompt upgrades to newer versions with fixes for the issue. Atlassian, which updated its guidance to reflect reported nation-state exploitation of the Confluence vulnerability, has warned that updating already compromised instances will not remove infections. "If it is determined that your instance has been compromised, our advice is to immediately shut down and disconnect the server from the network/Internet," Atlassian added.