Tag: confluence

4 Attack Reports | 0 Vulnerabilities

Attack reports

Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

A threat actor exploited an unpatched Confluence server using CVE-2023-22527, gaining initial access. They used Metasploit for command and control, then installed AnyDesk for persistent remote access. The attacker performed extensive network discovery, attempted privilege escalation using various t…

Published: May 19, 2025

Linked vulnerabilities : CVE-2021-34527, CVE-2020-1472, CVE-2023-22527, CVE-2023-22518

Downloadable IOCs: 33

Confluence Exploit Leads to LockBit Ransomware

An intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, leading to LockBit ransomware deployment across the environment. The threat actor utilized various tools including Mimikatz, Metasploit, and AnyDesk. They leveraged RDP for lateral movement and deplo…

credential theft

lateral movement

Published: February 24, 2025

Linked vulnerabilities : CVE-2017-0199, CVE-2023-22515, CVE-2023-22527, CVE-2023-22518

Downloadable IOCs: 15

A Deep Dive into TeamTNT and Spinning YARN

TeamTNT is conducting a crypto mining campaign called Spinning YARN, targeting Docker, Redis, YARN, and Confluence. The attack involves server-side scripting vulnerabilities, obfuscated code, and malware deployment. The malware assesses the environment, disables cloud security, establishes persiste…

Published: December 18, 2024

Downloadable IOCs: 35

More Than Just a Corporate Wiki? How Threat Actors are Exploiting Confluence

Threat actors are increasingly using legitimate third-party business software to evade detection and maintain deception. Atlassian's Confluence is being exploited to host malicious content, leveraging its trusted domain status. The attack involves an email with an Excel attachment containing a Docu…

social engineering

credential theft

Published: October 30, 2024

Downloadable IOCs: 2

Click here to see more Attack Reports