
Ransomware exploitation of Atlassian Confluence flaw confirmed

Atlassian has confirmed that an already addressed Confluence Data Center and Server flaw, tracked as CVE-2023-22518, has been exploited to facilitate ransomware deployment, after a Rapid7 report observed related infections with the Cerber ransomware, long believed to be defunct, reports The Record, a news site by cybersecurity firm Recorded Future. Rapid7 attributed the attacks to Cerber ransomware following the discovery of the "C3RB3R Instructions" ransom note and the "LOCK3D" extension on encrypted files, but Rapid7 Head of Vulnerability Research Caitlin Condon said that the intrusion was not necessarily conducted by the Cerber ransomware operation but rather by a threat actor using the group's leaked source code. "Unpatched instances remain vulnerable and we continue to urge those Confluence Data Center and Server customers to take immediate action," said an Atlassian spokesperson. The disclosure comes after Atlassian Chief Information Security Officer Bala Sathiamurthy warned of the risk of significant data loss that could potentially arise from intrusions leveraging the vulnerability.
