Microsoft has accused Chinese state-linked hackers of exploiting a critical security gap in Atlassian software to break into customer systems.
The hole was in Atlassian’s Confluence software, which is used by businesses to centralise information. The firm has given it the highest possible severity rating because it can be exploited anonymously and remotely.
“We have evidence to suggest that a known nation-state actor is actively exploiting [the vulnerability],” Atlassian told its customers on Wednesday.
Microsoft’s cybersecurity division said it had detected a “nation-state threat actor” known by various names such as Storm-0062, DarkShadow or Oro0lxy exploiting the vulnerability as long ago as 14 September.
Atlassian first reported the vulnerability on 4 October. Should they gain access, hackers would be able to access Confluence systems and create administrator accounts, which could let them access sensitive information or, if the system has details of the victim’s wider IT setup, execute further hacks.
The version of Confluence that runs in Atlassian’s cloud is not affected. The company has urged customers running older versions of Confluence on their own systems to immediately upgrade to later versions that do not have the vulnerability.
The Chinese Embassy in Canberra did not immediately reply to a request for comment from the Australian Financial Review, but the Chinese government has long denied it has any role in hacking overseas.
An Atlassian spokeswoman said it encouraged customers to share evidence of any compromised systems to support its response.
“Our priority is the security of our customers’ instances during this critical vulnerability, and we are collaborating with industry-leading threat intelligence partners, such as Microsoft, to obtain additional information that may assist customers with responding to the vulnerability,” the spokeswoman said.
However, the firm said that it would be unable to confirm whether a customer’s Confluence system had been hacked and asked them to look for clues that it may have happened.
“If any evidence is found, you should assume that your instance has been compromised and evaluate the risk of flow-on effects,” Atlassian’s advice to customers reads.
If hackers have got into a Confluence system, Atlassian says, they can “perform any number of unfettered actions”, including stealing content and system credentials, and installing smaller pieces of malicious code called plug-ins.