Hackers are targeting Atlassian Confluence document collaboration software en masse, leading U.S. Cyber Command to issue an urgent warning.
"Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend," tweeted U.S. Cyber Command.
Cyber Command's warning follows an Australian Cyber Security Centre alert issued on September 2.
CVE-2021-26084 is an OGNL-injection vulnerability, patched August 25, that allows remote code execution and affects versions of the product before 6.13.23, 7.11.6, 7.12.5, 7.13.0, and 7.4.11. It was originally discovered through Atlassian's bug bounty program. The bug does not impact Confluence Cloud customers.
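An inventory check against the fixed releases listed above, as an added example that is not from Atlassian or the original article. It assumes each fixed release covers only its own major.minor release line, so a later line with no listed fix (for example 7.5.x) is still treated as vulnerable; the host names, versions and deployment labels in the sample are constructed.

```python
import re

# Fixed releases named in the article, keyed by major.minor release line
# (assumption: each fix covers only its own line).
FIXED_BY_LINE = {(6, 13): (6, 13, 23), (7, 4): (7, 4, 11),
                 (7, 11): (7, 11, 6), (7, 12): (7, 12, 5)}
FIRST_CLEAN_RELEASE = (7, 13, 0)  # 7.13.0 and later ship with the fix

def parse_version(text):
    """Turn '7.4.10' or '7.13' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def assess(version, deployment="server"):
    """Return 'not_affected', 'patched' or 'vulnerable' for CVE-2021-26084."""
    if deployment == "cloud":  # per the article, Confluence Cloud is not impacted
        return "not_affected"
    v = parse_version(version)
    if v >= FIRST_CLEAN_RELEASE:
        return "patched"
    fix = FIXED_BY_LINE.get(v[:2])
    # A naive "version >= lowest fixed release" test would wrongly pass 7.5.0.
    return "patched" if fix and v >= fix else "vulnerable"

def triage(inventory):
    """Map host -> status; unparseable versions are flagged for manual review."""
    result = {}
    for host, version, deployment in inventory:
        try:
            result[host] = assess(version, deployment)
        except ValueError:
            result[host] = "review"
    return result

# Constructed sample inventory: (host, reported version, deployment type).
SAMPLE = [
    ("wiki-a.example.internal", "7.4.10", "server"),
    ("wiki-b.example.internal", "7.5.0", "data_center"),
    ("wiki-c.example.internal", "7.12.5", "server"),
    ("wiki-d.example.internal", "unknown", "server"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```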
The Bad Packets Twitter account appeared to be the first to mention the widespread attacks, on Sept. 1.
"We've detected mass scanning and exploit activity from hosts in 🇧🇷 🇨🇳 🇭🇰 🇳🇵🇷🇴 🇷🇺 🇺🇸 targeting Atlassian Confluence servers vulnerable to remote code execution," it wrote.
Confluence is a widely used product. According to Atlassian's website, its customers include HubSpot, Audi, Morningstar, the New York Times, NASA, LinkedIn, Docker and GoPro.
"As always, we recommend that our server and data center customers apply the latest security patches as soon as they are available in order to receive the latest features and fixes. We also recommend that our customers move to the cloud versions of Atlassian products to ensure they automatically receive the upgrades and security patches," said Adrian Ludwig, Atlassian's chief information security officer, in a statement.