Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Tags

External References

• https://www.trendmicro.com/
• https://otx.alienvault.com/

Description

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-resident to evade disk-based detection. The vulnerability allows unauthenticated attackers to perform remote code execution. The attack chain involves exploiting the vulnerability, loading a loader into the victim server, and activating the Godzilla webshell. This sophisticated Chinese-language backdoor poses significant challenges for legacy anti-virus solutions, highlighting the importance of regular server patching and advanced security measures.

Date