Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
Aug 04, 2022
A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch as TAC-040 . "The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory," the company said . "After the initial compromise, the threat actor ran various commands to enumerate the local system, network, and Active Directory environment." The Atlassian vulnerability suspected to have been exploited is CVE-2022-26134 , an Object-Graph Navigation Language (OGNL) injection flaw that paves the way for arbitrary code execution on a Confluence Server or Data Center instance....
