Microsoft identifies "Oro0lxy" as Confluence attacker

Date: 2023-10-12

Atlassian vulnerability exploit attributed to Chinese hacker.

A bug in Atlassian’s Confluence data centre and server software is under attack, allegedly from threat actors in China.

Atlassian disclosed the zero-day vulnerability, CVE-2023-22515, last week, saying a small number of customers had suffered exploitation.

Now, in a series of messages posted to X (formerly Twitter), Microsoft said it had identified attack traffic it attributes to a threat actor dubbed Storm-0062, beginning on September 14.

Microsoft sourced the attacks to the following four IP addresses: 192.69.90.31, 104.128.89.92, 23.105.208.154, and 199.193.127.231.

“Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application,” the company added.

Microsoft noted that “Storm-0062 is tracked by others as DarkShadow or Oro0lxy.”

While Microsoft didn’t specifically identify China in its messages, Oro0lxy is an alias used by Li Xiaoyu, a Chinese national the US Department of Justice (DoJ) accused of hacking on behalf of China’s Ministry of State Security in a June 2020 indictment [pdf].

The DoJ said Xiaoyu and Dong Jiazhi were prolific hackers who breached hundreds of companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom over a 10-year period.

Copyright © iTnews.com.au. All rights reserved.