Threat Actors Have Been Seen Exploiting Vulnerability CVE-2023-22527 To Deploy C3RB3R Ransomware

Exploitation of CVE-2023-22527, a vulnerability in Confluence Server, is leading to deployment of C3RB3R ransomware as well as other payloads. The vulnerability was disclosed by Atlassian in January of 2024. Following disclosure of exploit code, multiple IP addresses were seen exploiting vulnerable systems. Payloads dropped included C3RB3R ransomware, the Sliver implant, the XorDDoS trojan, and cryptocurrency mining malware. Due to the availability of the exploit code, it's believed multiple threat actors have been exploiting the vulnerability. Although request content isn't logged by default, signs of exploitation include POST requests to /template/aui/text-inline.vm.
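A log-hunting sketch for the indicator above, added here as an example and not taken from the original report: it finds POST requests to the template path and summarises them per source IP. The combined log format (for example from a reverse proxy in front of Confluence), the function names and the sample lines are assumptions made for illustration. Because request content is not logged by default, a hit is a lead for triage, not proof of compromise.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

INDICATOR_PATH = "/template/aui/text-inline.vm"  # path named in the text above

# Assumption: combined log format (e.g. a reverse proxy in front of Confluence).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize_path(target):
    """Reduce a request target to a canonical path so simple variations still match."""
    path = unquote(target.split("?", 1)[0])           # drop query string, decode %xx once
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]  # drop ;path-params
    return "/" + "/".join(s for s in segments if s)   # collapse repeated slashes

def find_indicator_hits(lines):
    """Return {source_ip: {"count", "first", "last", "statuses"}} for matching POSTs."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # endswith() tolerates a context path such as /confluence in front.
        if not normalize_path(m["target"]).endswith(INDICATOR_PATH):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        h = hits[m["ip"]]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["statuses"].add(int(m["status"]))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Jan/2024:10:01:02 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [22/Jan/2024:10:02:00 +0000] "GET /template/aui/text-inline.vm HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Jan/2024:10:05:40 +0000] "POST /confluence/template/aui/text%2Dinline.vm?x=1 HTTP/1.1" 200 498 "-" "curl/8.0"
192.0.2.44 - - [22/Jan/2024:10:06:00 +0000] "POST /rest/api/content HTTP/1.1" 200 1204 "-" "Mozilla/5.0"
192.0.2.99 - - [22/Jan/2024:10:07:11 +0000] "POST //template/aui/text-inline.vm;a=b HTTP/1.1" 302 0 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for ip, h in find_indicator_hits(SAMPLE_LOG.splitlines()).items():
        print(ip, h["count"], h["first"].isoformat(), h["last"].isoformat(), sorted(h["statuses"]))
```

Point `find_indicator_hits` at an open access-log file object to run it over real logs; adjust `LINE_RE` if the server writes a different format.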