Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
Sept. 2, 2024, 4:20 p.m.
Description
Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-resident to evade disk-based detection. The vulnerability allows unauthenticated attackers to perform remote code execution. The attack chain involves exploiting the vulnerability, loading a loader into the victim server, and activating the Godzilla webshell. This sophisticated Chinese-language backdoor poses significant challenges for legacy anti-virus solutions, highlighting the importance of regular server patching and advanced security measures.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 2, 2024, 4:06 p.m. | Sept. 2, 2024, 4:06 p.m. | Sept. 2, 2024, 4:20 p.m. |
Attack Patterns
Godzilla
T1048.001
T1505.003
T1055.003
T1573.001
T1059.004
T1140
T1190
CVE-2023-22527