Microsoft Issues Warning Over Critical Atlassian Confluence Vulnerability Used by Nation-State Hackers

Microsoft has identified Storm-0062 (also known as DarkShadow or Oro0lxy), a nation-state actor it tracks, as responsible for exploiting a recently reported critical vulnerability in Atlassian Confluence Data Center and Server.

According to the tech giant's threat intelligence division, the vulnerability has been exploited in the wild since September 14, 2023.

The company stated in a series of posts on X (formerly Twitter) that “CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server.”

“CVE-2023-22515 allows anybody to establish a Confluence administrator account within a vulnerable application from any device with a network connection to the application.”

CVE-2023-22515, which carries a CVSS score of 10.0, enables remote attackers to gain access to Confluence servers and create unauthorized Confluence administrator accounts. The issue is fixed in the following versions:

  • 3.3 or later
  • 4.3 or later, and
  • 5.2 (Long-Term Support release) or later.
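The outcome described above, an administrator account that nobody authorized, is something a defender can check for directly. The following Python script is an added example, not code from this article, Microsoft or Atlassian: it pages through the members of the confluence-administrators group and reports any account missing from an approved baseline. The REST path /rest/api/group/{groupName}/member, its paged response shape (results/start/limit/size) and the bearer-token header are assumptions about the Confluence Server/Data Center API that you should verify against your own instance; the baseline and the sample pages are constructed for the example.

```python
"""Baseline check for unexpected members of the Confluence administrators group.

Added example; the REST path, response shape and auth header are assumptions.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Callable

ADMIN_GROUP = "confluence-administrators"
# Assumed REST endpoint (Confluence Server/Data Center); verify on your instance.
MEMBER_PATH = f"/rest/api/group/{ADMIN_GROUP}/member"
PAGE_LIMIT = 200

# Constructed baseline: the administrator usernames your organization approved.
APPROVED_ADMINS = frozenset({"admin", "alice", "svc-backup"})

# Constructed sample pages in the assumed response shape (not real captures).
SAMPLE_PAGES = [
    {"results": [
        {"type": "known", "username": "admin", "displayName": "Administrator"},
        {"type": "known", "username": "alice", "displayName": "Alice Example"},
     ], "start": 0, "limit": 2, "size": 2},
    {"results": [
        {"type": "known", "username": "svc-backup", "displayName": "Backup Service"},
        {"type": "known", "username": "x7q2pz", "displayName": "x7q2pz"},
     ], "start": 2, "limit": 2, "size": 2},
    {"results": [], "start": 4, "limit": 2, "size": 0},
]


@dataclass(frozen=True)
class Finding:
    username: str
    display_name: str


def http_page_fetcher(base_url: str, token: str) -> Callable[[int, int], dict]:
    """Build a fetcher that reads one page of group members over HTTP(S).

    Sends a bearer token (assumed personal access token); not called in the
    stand-alone run so the example works offline.
    """
    def fetch(start: int, limit: int) -> dict:
        url = f"{base_url.rstrip('/')}{MEMBER_PATH}?start={start}&limit={limit}"
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/json",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def list_fetcher(pages: list[dict]) -> Callable[[int, int], dict]:
    """Fetcher backed by in-memory pages, looked up by requested start offset."""
    def fetch(start: int, limit: int) -> dict:
        for page in pages:
            if page["start"] == start:
                return page
        return {"results": [], "start": start, "limit": limit, "size": 0}
    return fetch


def all_members(fetch: Callable[[int, int], dict], limit: int = PAGE_LIMIT) -> list[dict]:
    """Walk the paged endpoint; a short page (fewer results than limit) ends the list."""
    members: list[dict] = []
    start = 0
    while True:
        page = fetch(start, limit)
        results = page.get("results", [])
        members.extend(results)
        if len(results) < limit:
            return members
        start += limit


def unexpected_admins(members: list[dict], approved: frozenset[str]) -> list[Finding]:
    """Return group members whose username is not in the approved baseline."""
    return [Finding(m.get("username", ""), m.get("displayName", ""))
            for m in members if m.get("username") not in approved]


def audit_sample() -> list[str]:
    """Run the check against the constructed sample pages; returns flagged usernames."""
    members = all_members(list_fetcher(SAMPLE_PAGES), limit=2)
    return [f.username for f in unexpected_admins(members, APPROVED_ADMINS)]


if __name__ == "__main__":
    for name in audit_sample():
        print(f"UNEXPECTED ADMIN: {name}")
```

To run it against a live instance, swap `list_fetcher(SAMPLE_PAGES)` for `http_page_fetcher(base_url, token)` with the default page limit. Any name it flags deserves a look at when and how the account was created, and the check is worth repeating after patching, since an account created before the upgrade is not removed by it.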

Although the precise scope of the attacks is unclear, Atlassian stated that it learned of the issue from “a handful of customers,” indicating that the threat actor had exploited it as a zero-day vulnerability.

It should be noted that “Oro0lxy” is a digital alias used by Li Xiaoyu, a Chinese hacker who was charged in July 2020 by the U.S. Department of Justice (DoJ) with hacking into “hundreds of companies” in the U.S., Hong Kong, and China, including coronavirus vaccine researcher Moderna.

Xiaoyu was given a position with the Ministry of State Security’s (MSS) regional Guangdong division.

“The accused sometimes operated in the MSS’s or other Chinese government agencies’ best interests, and other times they did so for their own financial advantage.”

“Terabytes of data were stolen by the hackers, posing a sophisticated and significant danger to American networks.”

Businesses that depend on Confluence applications are strongly advised to update to the latest versions to mitigate the risk, and to keep their Confluence instances off the public internet until the fix has been applied.

About The Author

Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.
