Hackers start exploiting critical Atlassian Confluence RCE flaw
Security researchers are observing exploitation attempts for CVE-2023-22527, a remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers.
Threat monitoring service Shadowserver reports today that its systems recorded thousands of attempts to exploit CVE-2023-22527, originating from a little over 600 unique IP addresses. The service says that attackers are trying out callbacks by executing the ‘whoami’ command to gather information about the level of access and privileges on the system.
The total number of exploitation attempts logged by The Shadowserver Foundation is above 39,000, with most of the attacks coming from Russian IP addresses. Shadowserver reports that its scanners currently detect 11,100 Atlassian Confluence instances accessible over the public internet. However, not all of those necessarily run a vulnerable version.