Threat Actors Have Been Seen Exploiting Vulnerability CVE-2023-22527 To Deploy C3RB3R Ransomware
Exploitation of a vulnerability in Confluence Server CVE-2023-22527 is leading to deployment of C3RB3R ransomware as well as other payloads. The vulnerability was disclosed by Atlassian in January of 2024. Following disclosure of exploit code multiple IP addresses were seen exploiting vulnerable systems. Payloads dropped included C3RB3R ransomware Sliver implant XorDDoS trojan and cryptocurrency mining malware. Due to availability of the exploit code its believed multiple threat actors have been exploiting the vulnerability. Although request content isnt logged by default signs of exploitation include POST requests to /template/aui/text-inline.vm.