Cloud Security, DevSecOps

Vulnerable Atlassian Confluence servers targeted in cryptomining attack

Malicious actors have been targeting Atlassian Confluence servers vulnerable to an already-fixed critical security bug, tracked as CVE-2022-26134, to facilitate cryptomining attacks, according to The Hacker News. Trend Micro researchers revealed that the flaw has been leveraged to download and execute the "ro.sh" script, which then retrieves the "ap.sh" script meant to eventually launch the hezb cryptocurrency miner. Such a shell script was also observed to deactivate Tencent and Alibaba cloud service provider agents, as well as other coin miners, prior to lateral movement, according to the report. "Attackers could take advantage of injecting their own code for interpretation and gain access to the Confluence domain being targeted, as well as conduct attacks ranging from controlling the server for subsequent malicious activities to damaging the infrastructure itself," said Trend Micro researcher Sunil Bharti, who added that the vulnerability could also be exploited to enable total domain takeovers, as well as remote access trojan, information stealer, and ransomware deployment.
