Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.
Atlassian Confluence is a highly popular web-based corporate team workspace that helps employees collaborate on various projects.
On August 25, Atlassian
issued security updates to patch a Confluence remote code execution (RCE) vulnerability tracked as CVE-2021-26084 and exploited in the wild.
Successful exploitation enables unauthenticated attackers to execute commands on unpatched servers remotely.
Ransomware gangs start targeting Confluence servers
The discovery was made by SophosLabs researchers while investigating a recent incident. They also found that the ransomware used by this new group is almost identical to
LockFile, which is itself
very similar to the one used by the
LockBit ransomware group.
Atlassian warns of exploit for Confluence data wiping bug, get patching
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) according to Google
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks![[correlate]](/data/avatars/s/79/79653.jpg?1556985072)
Critical PHP RCE vulnerability mass exploited in new attacks