Application security

Atlassian Confluence under active attack, warns Cyber Command

Hackers are targeting Atlassian Confluence document collaboration software en masse, leading U.S. Cyber Command to issue an urgent warning.  (“Atlassian Sydney Office All-Hands” by doctorDray is licensed under CC BY 2.0)
Hackers are targeting Atlassian Confluence document collaboration software en masse, leading U.S. Cyber Command to issue an urgent warning. ("Atlassian Sydney Office All-Hands" by doctorDray is licensed under CC BY 2.0)

Hackers are targeting Atlassian Confluence document collaboration software en masse, leading U.S. Cyber Command to issue an urgent warning.

"Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend," tweeted U.S. Cyber Command.

Cyber Command follows an Australian Cyber Security Centre alert issued on September 2.

CVE-2021-26084 is an OGNL-injection vulnerability patched August 25 offering remote code execution that affects versions of the product before 6.13.23, 7.11.6, 7.12.5, 7.13.0, and 7.4.11. It was originally discovered through the firm's Bug Bounty program. The bug does not impact Confluence Cloud customers.

The Bad Packets Twitter account appeared to be the first to mention the widespread attacks Sept. 1.

"We've detected mass scanning and exploit activity from hosts in 🇧🇷 🇨🇳 🇭🇰 🇳🇵🇷🇴 🇷🇺 🇺🇸 targeting Atlassian Confluence servers vulnerable to remote code execution," it wrote.

Confluence is a widely used product. According to Atlassian's website, its customers include HubSpot, Audi, Morningstar, the New York Times, NASA, LinkedIn, Docker and GoPro.

"As always, we recommend that our server and data center customers apply the latest security patches as soon as they are available in order to receive the latest features and fixes. We also recommend that our customers move to the cloud versions of Atlassian products to ensure they automatically receive the upgrades and security patches," said Adrian Ludwig, Atlassian's chief information security officer, in a statement.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.