Atlassian Confluence workplace a collaboration platform is subjected to mass exploitation by unidentified hackers. In a tweet by Cyber National Mission Force (CNMF), it was revealed that the Atlassian Confluence exploitation is still raging and is expected to escalate.
Numerous exploitation campaigns have been detected in various countries, including the US, Russia, China, Romania, and Nepal. These attacks are being directed at the servers of Atlassian Confluence, making them vulnerable to unauthorized code execution.
Atlassian Confluence is a popular Australia-based virtual documentation service. It allows organizations and their teams to come together and work collaboratively on a project and share information with their internal network. This attack is even more threatening because major companies with millions of users use the platform, including LinkedIn, Hubspot, GoPro, NASA, Audi, Docker, Twilio, and The New York Times.
This vulnerability will allow the attackers to access the software’s servers and execute arbitrary commands to gain administrative-level permissions. A successful exploit attempt will enable them to launch even more malicious attacks against the host targeting unpatched local vulnerabilities.
This issue has been named CVE-2021-26084 and has a 9.8 severity rating on the CVSS scoring system.
The software versions that are vulnerable to exploitation include:
Once the issue was detected, Atlassian requested its users to patch their devices immediately. However, the attackers wasted no time and have started mass-scanning the Internet for unprotected devices to launch their attacks and install crypto-miners.
The only good news is that the Confluence Cloud hosted on public cloud environments is not under the radar of this attack.