Today > 2 Critical | 5 High | 10 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Sept. 2, 2024, 4:20 p.m.

Description

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-resident to evade disk-based detection. The vulnerability allows unauthenticated attackers to perform remote code execution. The attack chain involves exploiting the vulnerability, loading a loader into the victim server, and activating the Godzilla webshell. This sophisticated Chinese-language backdoor poses significant challenges for legacy anti-virus solutions, highlighting the importance of regular server patching and advanced security measures.

Date

Published: Sept. 2, 2024, 4:06 p.m.

Created: Sept. 2, 2024, 4:06 p.m.

Modified: Sept. 2, 2024, 4:20 p.m.

Attack Patterns

Godzilla

T1048.001

T1505.003

T1055.003

T1573.001

T1059.004

T1140

T1190

CVE-2023-22527