Confluence Servers Hacked to Install Miners and Rootkits

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.

On March 20, Atlassian released patches for two critical-severity vulnerabilities affecting Confluence Server and Confluence Data Center. Of them, CVE-2019-3396, is a server-side template injection in the Widget Connector that can lead to remote code execution.

Three weeks later, cybercriminals created the first exploit for this security bug and started hitting vulnerable Confluence servers. Troy Mursch of Bad Packets security company noticed exploitation activity from an IP address in Romania, dropping the Dofloo DDoS malware.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top